-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe HeroLab advisory explicitly identifies mails_templates.php as handling the vulnerable $langs->defaultlang parameter derived from the HTTP Accept-Language header. This value was used unsafely in SQL queries without proper parameterization. While exact function names aren't disclosed in available sources, the file path and variable usage pattern are specifically documented in the PoC description. The XSS-related files (dolibarr.php/main.inc.php) are excluded as they relate to a different vulnerability type (XSS) mentioned in the same advisory.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | < 10.0.3 | 10.0.3 |
PHPPHPOngoing coverage of React2Shell