Web application abuses : Dolibarr < 8.0.4 Multiple Vulnerabilities

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.141823

Kategorie: Web application abuses

Titel: Dolibarr < 8.0.4 Multiple Vulnerabilities

Zusammenfassung: Dolibarr is prone to multiple vulnerabilities.

Beschreibung: Summary:
Dolibarr is prone to multiple vulnerabilities.

Vulnerability Insight:
Dolibarr is prone to multiple vulnerabilities:

- A stored cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web
script or HTML via the 'address' (POST) or 'town' (POST) parameter to adherents/type.php (CVE-2018-19992)

- A reflected cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or
HTML via the transphrase parameter to public/notice.php (CVE-2018-19993)

- An error-based SQL injection vulnerability in product/card.php allows remote authenticated users to execute
arbitrary SQL commands via the desiredstock parameter (CVE-2018-19994)

- A stored cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web
script or HTML via the 'address' (POST) or 'town' (POST) parameter to user/card.php (CVE-2018-19995)

- SQL injection vulnerability in user/card.php allows remote authenticated users to execute arbitrary SQL
commands via the employee parameter (CVE-2018-19998)

Affected Software/OS:
Dolibarr prior to version 8.0.4.

Solution:
Update to version 8.0.4 or later.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-19992
Common Vulnerability Exposure (CVE) ID: CVE-2018-19993
Common Vulnerability Exposure (CVE) ID: CVE-2018-19994
Common Vulnerability Exposure (CVE) ID: CVE-2018-19995
Common Vulnerability Exposure (CVE) ID: CVE-2018-19998

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.141823
Kategorie:	Web application abuses
Titel:	Dolibarr < 8.0.4 Multiple Vulnerabilities
Zusammenfassung:	Dolibarr is prone to multiple vulnerabilities.
Beschreibung:	Summary: Dolibarr is prone to multiple vulnerabilities. Vulnerability Insight: Dolibarr is prone to multiple vulnerabilities: - A stored cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the 'address' (POST) or 'town' (POST) parameter to adherents/type.php (CVE-2018-19992) - A reflected cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php (CVE-2018-19993) - An error-based SQL injection vulnerability in product/card.php allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter (CVE-2018-19994) - A stored cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the 'address' (POST) or 'town' (POST) parameter to user/card.php (CVE-2018-19995) - SQL injection vulnerability in user/card.php allows remote authenticated users to execute arbitrary SQL commands via the employee parameter (CVE-2018-19998) Affected Software/OS: Dolibarr prior to version 8.0.4. Solution: Update to version 8.0.4 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-19992 Common Vulnerability Exposure (CVE) ID: CVE-2018-19993 Common Vulnerability Exposure (CVE) ID: CVE-2018-19994 Common Vulnerability Exposure (CVE) ID: CVE-2018-19995 Common Vulnerability Exposure (CVE) ID: CVE-2018-19998
Copyright	Copyright (C) 2019 Greenbone Networks GmbH