VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 14, 2011· Updated Apr 29, 2026

CVE-2011-4802

CVE-2011-4802

Description

Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.

Affected products

11
  • Dolibarr/Dolibarr ERP\/CRM11 versions
    cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:rc:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:rc:*:*:*:*:*:*range: <=3.1.0
    • cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.1:*:*:*:*:*:*:*

Patches

4
63820ab37537
https://github.com/dolibarr/dolibarrvia nvd-ref
commit
762f98ab4137
https://github.com/dolibarr/dolibarrvia nvd-ref
commit
c539155d6ac2
https://github.com/dolibarr/dolibarrvia nvd-ref
commit
d08d28c0cda1
https://github.com/dolibarr/dolibarrvia nvd-ref
commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

15

News mentions

0

No linked articles in our index yet.