[Secure-testing-team] Bug#885319: dolibarr: CVE-2017-14242: SQL injection vulnerability in don/list.php
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 26 07:00:48 UTC 2017
Source: dolibarr
Version: 3.5.5+dfsg1-1
Severity: important
Tags: patch security upstream
Hi,
the following vulnerability was published for dolibarr.
CVE-2017-14242[0]:
| SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0
| allows remote attackers to execute arbitrary SQL commands via the
| statut parameter.
The code in question was moved several times around e.g. from
htdocs/compta/dons/list.php to htdocs/donations/list.php, then to the
dons directory.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14242
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list