The vulnerability stems from how the `statut` parameter was handled in `don/list.php`. The unpatched code used `$_GET['statut']` directly in an SQL query without sanitization (via `$sql .= 'AND d.fk_statut = '.$statut`). The patch introduced `GETPOST('statut','intcomma')` to sanitize the input and switched to an `IN` clause with proper formatting. No named function is vulnerable on its own; the SQL injection occurs in the inline query-building logic of `don/list.php`, which is the vulnerable 'function' in the broader sense of executable code flow.
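As an added illustration (not Dolibarr's or the advisory's own code), the following PHP shows the shape of the fix: an intcomma-style validation of the parameter followed by an integer-cast `IN` clause. `sanitize_intcomma` and `build_status_filter` are hypothetical names; the former is a minimal stand-in for the filter that `GETPOST('statut','intcomma')` applies.

```php
<?php
// Added example, not Dolibarr's own code. sanitize_intcomma() is a minimal
// stand-in for the check that GETPOST('statut', 'intcomma') applies; the real
// GETPOST does more, and this models only the part relevant to this bug.

// Accept only integers separated by commas (optionally negative), which is
// all a list of status ids can legitimately be. Anything else is rejected
// by returning an empty string, so no attacker-controlled text reaches SQL.
function sanitize_intcomma(string $value): string
{
    return preg_match('/^-?\d+(,-?\d+)*$/', $value) === 1 ? $value : '';
}

// Hardened filter in the shape of the patched don/list.php: every element is
// cast to int and the list is placed in an IN (...) clause, instead of gluing
// the raw parameter onto the query as 'AND d.fk_statut = '.$statut did.
function build_status_filter(string $raw): string
{
    $statut = sanitize_intcomma($raw);
    if ($statut === '') {
        return '';                       // no filter rather than a hostile one
    }
    $ids = array_map('intval', explode(',', $statut));
    return ' AND d.fk_statut IN (' . implode(',', $ids) . ')';
}

// Constructed inputs: a benign multi-status selection and a hostile value that
// the unpatched concatenation would have embedded verbatim in the query.
$inputs = [
    'benign'  => '1,2',
    'hostile' => '1 OR 1=1',
];
foreach ($inputs as $label => $raw) {
    printf("%-8s %s\n", $label . ':', var_export(build_status_filter($raw), true));
}
```

Run it with `php example.php`: the benign value yields an `IN (1,2)` filter, while the hostile value is rejected and yields no filter at all.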
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | < 6.0.1 | 6.0.1 |