PT-2022-10528 · Unknown · Dolibarr Erp/Crm

Published: 2022-03-31 · Updated: 2025-04-03 · CVE-2021-36625

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dolibarr ERP/CRM versions prior to 14.0.0

Description

An SQL Injection issue exists via a POST request to the country id parameter in an UPDATE statement.

Recommendations

For versions prior to 14.0.0, update to version 14.0.0 to resolve the issue.

Fix

SQL injection


Weakness Enumeration

Related Identifiers

BIT-DOLIBARR-2021-36625
CVE-2021-36625
GHSA-VRGP-3PH6-2WWQ

Affected Products

Dolibarr Erp/Crm