ID de Prueba:	1.3.6.1.4.1.25623.1.0.902644
Categoría:	Web application abuses
Título:	Dolibarr < 3.1RC3 Multiple Vulnerabilities - Active Check
Resumen:	Dolibarr is prone to multiple cross-site scripting (XSS) and; SQL injection (SQLi) vulnerabilities.
Descripción:	Summary: Dolibarr is prone to multiple cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities. Vulnerability Insight: The flaws are due to improper validation of user-supplied input - Passed via PATH_INFO to multiple scripts allows attackers to inject arbitrary HTML code. - Passed via the 'sortfield', 'sortorder', 'sall', 'id' and 'rowid' parameters to multiple scripts, which allows attackers to manipulate SQL queries by injecting arbitrary SQL code. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site and to cause SQL Injection attack to gain sensitive information. Affected Software/OS: Dolibarr version 3.1.0RC and prior. Solution: Update to version 3.1RC3 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4814 BugTraq ID: 50777 http://www.securityfocus.com/bid/50777 Bugtraq: 20111123 Multiple vulnerabilities in Dolibarr (Google Search) http://www.securityfocus.com/archive/1/520619/100/0/threaded https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html http://www.osvdb.org/77339 Common Vulnerability Exposure (CVE) ID: CVE-2011-4802 http://osvdb.org/77340 http://osvdb.org/77341 http://osvdb.org/77342 http://osvdb.org/77343 http://osvdb.org/77344 http://osvdb.org/77345 http://osvdb.org/77346 http://osvdb.org/77347
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.