Source: dolibarr Version: 4.0.2+dfsg4-2 Severity: grave Tags: upstream security patch Justification: user security hole
Hi, the following vulnerability was published for dolibarr. CVE-2017-9435[0]: | Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in | user/index.php (search_supervisor and search_statut parameters). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9435 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9435 [1] https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04 Please adjust the affected versions in the BTS as needed, only the version 4.0.2+dfsg4-2 has been inspected source code wise. Regards, Salvatore