Chevalier 3As

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP/CRM version 3.3.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is related to the `pays` parameter in the "fiche.php" file. **Recommendations** For Dolibarr ERP/CRM version 3.3.1, avoid using the `pays` parameter in the fiche.php file until the issue is resolved. Consider restricting access to fiche.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP/CRM version 3.3.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This is due to a Cross-site Scripting (XSS) flaw in the functions.lib.php file. **Recommendations** For Dolibarr ERP/CRM version 3.3.1, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP/CRM version 3.3.1 **Description** The issue arises from improper validation of user input in certain files, allowing remote attackers to execute arbitrary commands. This is specifically related to the `viewimage.php` and `barcode.lib.php` files. **Recommendations** For Dolibarr ERP/CRM version 3.3.1, consider restricting access to the `viewimage.php` and `barcode.lib.php` files until a patch is available. As a temporary workaround, ensure that all user input is thoroughly validated and sanitized to prevent command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.