Package: dolibarr
Version: 3.5.3+dfsg2-1
Severity: important
Tags: security, fixed-upstream

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3992

Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.

Fixed in 3.5.4 version.

http://osvdb.org/108861
http://www.dolibarr.org/88-news/169-dolibarr-erp-crm-3-5-4-maintenance-release-for-branch-3-5-is-available

---
Henri Salo
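The two parameters named in the CVE description call for different defenses, shown here as an added example that is not part of the report and is neither Dolibarr's code nor its 3.5.4 fix. It assumes that entity is a numeric identifier and that sortorder ends up in an ORDER BY clause, where a bound parameter cannot be used; the table, function names and sample rows are hypothetical.

```php
<?php
// Added illustration: demo_group, safe_sort_order(), safe_entity() and
// list_groups() are hypothetical names, not taken from Dolibarr's source.

// A sort direction is an SQL keyword and cannot be bound as a parameter,
// so the request value is mapped onto one of two fixed literals.
function safe_sort_order($raw): string
{
    return strtoupper(trim((string) $raw)) === 'DESC' ? 'DESC' : 'ASC';
}

// Assumed numeric identifier: validate as an integer, reject anything else.
function safe_entity($raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        throw new InvalidArgumentException('entity must be a non-negative integer');
    }
    return $id;
}

function list_groups(PDO $db, array $request): array
{
    $order = safe_sort_order($request['sortorder'] ?? 'ASC');
    // Only the allowlisted literal is interpolated; the value is bound.
    $stmt = $db->prepare(
        "SELECT id, name FROM demo_group WHERE entity = :entity ORDER BY name $order"
    );
    $stmt->bindValue(':entity', safe_entity($request['entity'] ?? 0), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_group (id INTEGER PRIMARY KEY, name TEXT, entity INTEGER)');
$db->exec("INSERT INTO demo_group (name, entity) VALUES ('admins', 1), ('sales', 1), ('other', 2)");

// A sortorder value that is not exactly ASC or DESC falls back to ASC.
print_r(list_groups($db, ['entity' => '1', 'sortorder' => 'DESC, (SELECT 1)']));

// A non-integer entity is rejected before any SQL is built.
try {
    list_groups($db, ['entity' => '1 OR 1=1']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```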

