CVE-2018-10094

Опубликовано: 22 мая 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.

Ссылки

http://www.openwall.com/lists/oss-security/2018/05/21/1
Exploit
Mailing List
https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog
Release Notes
https://github.com/Dolibarr/dolibarr/commit/7ade4e37f24d6859987bb9f6232f604325633fdd
Patch
https://sysdream.com/news/lab/2018-05-21-cve-2018-10094-dolibarr-sql-injection-vulnerability/
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/44805/
Exploit
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2018/05/21/1
Exploit
Mailing List
https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog
Release Notes
https://github.com/Dolibarr/dolibarr/commit/7ade4e37f24d6859987bb9f6232f604325633fdd
Patch
https://sysdream.com/news/lab/2018-05-21-cve-2018-10094-dolibarr-sql-injection-vulnerability/
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/44805/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*

Версия до 7.0.2 (исключая)

EPSS

Процентиль: 99%

0.73712

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2018-10094

CVSS3: 9.8

ubuntu

больше 7 лет назад

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.

CVE-2018-10094

CVSS3: 9.8

debian

больше 7 лет назад

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote att ...

GHSA-57wj-22w9-wm9r

CVSS3: 9.8

github

больше 3 лет назад

Dolibarr SQL injection vulnerability

EPSS

Процентиль: 99%

0.73712

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89