CVE-2017-18260

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM versions prior to 7.0.0

Description: The issue affects Dolibarr ERP/CRM, where multiple SQL injection vulnerabilities have been identified. These vulnerabilities can be exploited via the "comm/propal/list.php" endpoint, specifically through the viewstatut parameter or the propal statut parameter, also known as the search statut parameter.

Recommendations: For versions prior to 7.0.0, update to version 7.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "comm/propal/list.php" endpoint and avoiding the use of the viewstatut and propal statut (or search statut) parameters until the update is applied.