Dolibarr Multiple SQL Injection Vulnerabilities (CVE(2)

[IP]/dolibarr/projet/tasks/contact.php?id=2&source=internal&token=acff06ed1720e3ec66a16918dcee2bfd&action=addcontact&type=181&contactid=2<SQL Injection>&withproject=1

[IP]/dolibarr/product/stock/fiche.php?id=1<SQL Injection>

[IP]/dolibarr/projet/contact.php?ref=PJ1407-0002<SQL Injection>

[IP]/dolibarr/projet/ganttview.php?ref=PJ1407-0002<SQL Injection>

[IP]/dolibarr/projet/note.php?ref=PJ1407-0002<SQL Injection>

[IP]/dolibarr/projet/tasks/contact.php?project_ref=PJ1407-0002<SQL Injection>&withproject=1

[IP]/dolibarr/projet/tasks.php?ref=PJ1407-0002<SQL Injection>&mode=mine

[IP]/dolibarr/projet/tasks/note.php?project_ref=PJ1407-0002<SQL Injection>&withproject=1

[IP]/dolibarr/contact/info.php?id=2<SQL Injection>&optioncss=print

[IP]/dolibarr/societe/commerciaux.php?socid=117260852<SQL Injection>&optioncss=print

[IP]/dolibarr/compta/dons/liste.php?statut=2<SQL Injection>

[IP]/dolibarr/societe/rib.php?socid=1<SQL Injection>&optioncss=print

[IP]/dolibarr/adherents/liste.php?leftmenu=members&statut=1<SQL Injection>&filter=outofdate&idmenu=9431&mainmenu=members

[IP]/dolibarr/product/reassort.php?sortfield=p.ref&sortorder=asc&begin=&tosell=43<SQL Injection>&tobuy=&type=0&fourn_id=&snom=&sref=&

[IP]/dolibarr/product/reassort.php?sortfield=p.ref&sortorder=asc&begin=&tosell=&tobuy=3<SQL Injection>&type=0&fourn_id=&snom=&sref=&

[IP]/dolibarr/product/index.php?leftmenu=product&type=0<SQL Injection>&idmenu=2819&mainmenu=products

[IP]/dolibarr/product/stats/facture.php?sortfield=s.rowid<SQL Injection>&sortorder=asc&begin=&id=2

[IP]/dolibarr/product/stats/facture.php?sortfield=s.rowid&sortorder=asc<SQL Injection>&begin=&id=2

[IP]/dolibarr/user/index.php?sortfield=u.login&sortorder=asc&begin=search_user=&sall=&search_statut=<SQL Injection>&

[IP]/dolibarr/compta/bank/fiche.php?id=<SQL Injection>

[IP]/dolibarr/compta/prelevement/liste.php?search_code=5<SQL Injection>&search_societe=5&search_ligne=5&search_bon=5&button_search.x=1&button_search.y=1

[IP]/dolibarr/compta/prelevement/liste.php?search_code=5&search_societe=5<SQL Injection>&search_ligne=5&search_bon=5&button_search.x=1&button_search.y=1

[IP]/dolibarr/compta/prelevement/liste.php?search_code=5&search_societe=5&search_ligne=5<SQL Injection>&search_bon=5&button_search.x=1&button_search.y=1

[IP]/dolibarr/compta/prelevement/liste.php?search_code=5&search_societe=5&search_ligne=5&search_bon=5<SQL Injection>&button_search.x=1&button_search.y=1

[IP]/dolibarr/compta/prelevement/bons.php?sortfield=p.ref&sortorder=asc<SQL Injection>&begin=&

[IP]/dolibarr/compta/prelevement/bons.php?sortfield=p.ref<SQL Injection>&sortorder=asc&begin=&

[IP]/dolibarr/product/stats/commande.php?sortfield=c.rowid&sortorder=asc<SQL Injection>&begin=&id=2

[IP]/dolibarr/product/stats/commande.php?sortfield=c.rowid<SQL Injection>&sortorder=asc&begin=&id=2

Recommendation:
Vendor patch:

Dolibarr
--------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:

https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7137/
