Unrated severity · NVD Advisory · Published Dec 14, 2011 · Updated Jun 16, 2026
CVE-2011-4802
Description
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to (a) user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and the (9) rowid parameter to admin/boxes.php.
Affected products
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:rc:*:*:*:*:*:* (range: <=3.1.0)
- (no CPE) (range: <=3.1.0 RC)
References
- osvdb.org/77346 (nvd: Broken Link, Exploit)
- osvdb.org/77347 (nvd: Broken Link, Exploit)
- www.securityfocus.com/bid/50777 (nvd: Exploit, Third Party Advisory, VDB Entry)
- github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91 (nvd: Exploit, Patch)
- github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1 (nvd: Exploit, Patch)
- github.com/Dolibarr/dolibarr/commit/c539155d6ac2f5b6ea75b87a16f298c0090e535a (nvd: Exploit, Patch)
- github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675 (nvd: Exploit, Patch)
- www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html (nvd: Exploit)
- www.securityfocus.com/archive/1/520619/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- osvdb.org/77340 (nvd: Broken Link)
- osvdb.org/77341 (nvd: Broken Link)
- osvdb.org/77342 (nvd: Broken Link)
- osvdb.org/77343 (nvd: Broken Link)
- osvdb.org/77344 (nvd: Broken Link)
- osvdb.org/77345 (nvd: Broken Link)