[Secure-testing-team] Bug#864569: dolibarr: CVE-2017-9435
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 10 19:40:07 UTC 2017
Source: dolibarr
Version: 4.0.2+dfsg4-2
Severity: grave
Tags: upstream security patch
Justification: user security hole
Hi,
the following vulnerability was published for dolibarr.
CVE-2017-9435[0]:
| Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in
| user/index.php (search_supervisor and search_statut parameters).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9435
[1] https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04
Please adjust the affected versions in the BTS as needed; only the
version 4.0.2+dfsg4-2 has been inspected source-code-wise.
Regards,
Salvatore
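The CVE text above names two request parameters of user/index.php (search_supervisor and search_statut) as the injection point. The following PHP is an added illustration of that bug class from a defender's point of view; it is not Dolibarr's code and not the upstream patch in [1]. The table and column names (llx_user_example, fk_user, statut), the function names and the constructed rows are assumptions made for the example. It contrasts a query builder that concatenates request text into SQL with one that validates both values as integers and binds them as parameters, and runs offline against an in-memory SQLite database.

```php
<?php
// Added example, not Dolibarr code. Table/column names are assumptions.

// Vulnerable pattern: request values are concatenated straight into the SQL text.
function buildUserListSqlUnsafe(array $get): string
{
    $supervisor = $get['search_supervisor'] ?? '';
    $statut     = $get['search_statut'] ?? '';
    $sql = "SELECT rowid, login FROM llx_user_example WHERE 1=1";
    if ($supervisor !== '') {
        $sql .= " AND fk_user = " . $supervisor;   // untrusted text becomes part of the query
    }
    if ($statut !== '') {
        $sql .= " AND statut = " . $statut;        // same problem for the second parameter
    }
    return $sql;
}

// Hardened pattern: both filters are numeric identifiers, so each value is
// validated as an integer and bound as a parameter; the query text itself
// never contains request data, and anything non-numeric is simply not applied.
function queryUserListSafe(PDO $db, array $get): array
{
    $sql    = "SELECT rowid, login FROM llx_user_example WHERE 1=1";
    $params = [];

    $supervisor = filter_var($get['search_supervisor'] ?? '', FILTER_VALIDATE_INT);
    if ($supervisor !== false) {
        $sql .= " AND fk_user = :supervisor";
        $params[':supervisor'] = $supervisor;
    }

    // statut is assumed to be a small status flag; only the known values pass.
    $statut = $get['search_statut'] ?? '';
    if (in_array($statut, ['0', '1'], true)) {
        $sql .= " AND statut = :statut";
        $params[':statut'] = (int) $statut;
    }

    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Offline demonstration: in-memory SQLite with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE llx_user_example (rowid INTEGER PRIMARY KEY, login TEXT, fk_user INTEGER, statut INTEGER)");
$db->exec("INSERT INTO llx_user_example VALUES (1,'alice',0,1),(2,'bob',1,1),(3,'carol',1,0)");

// Constructed input: a valid supervisor id and a non-numeric status value.
$input = ['search_supervisor' => '1', 'search_statut' => 'not-a-number'];

// The unsafe builder embeds the status text verbatim in the SQL string.
echo buildUserListSqlUnsafe($input), PHP_EOL;

// The safe path keeps the fk_user filter and ignores the invalid status value,
// returning bob and carol without ever putting request text into the query.
print_r(queryUserListSafe($db, $input));
```

The detection-side takeaway is the same one the CVE description implies: any search or filter parameter that reaches a WHERE clause should be typed (integer cast, whitelist, or bound parameter) before the query string is built, and a code review of a list page can grep for request values concatenated into `$sql` to find the remaining instances.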