Unrated severityNVD Advisory· Published Feb 21, 2012· Updated Apr 29, 2026

CVE-2012-1225

Description

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.

Affected products

Dolibarr/Dolibarr ERP\/CRM13 versions
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:alpha:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:alpha:*:*:*:*:*:*range: <=3.2.0
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.1.0:rc:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2012-02/0056.htmlnvdExploit
www.securityfocus.com/bid/51956nvdExploit
secunia.com/advisories/47969nvdVendor Advisory
osvdb.org/79011nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000