On 10.05.2017 10:28, FOXMOLE Advisories wrote: > === FOXMOLE - Security Advisory 2017-02-23 === > > Dolibarr ERP & CRM - Multiple Issues > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Affected Versions > ================= > Dolibarr 4.0.4 > > Issue Overview > ============== > Vulnerability Type: SQL Injection, Cross Site Scripting, > Weak Hash Algorithm without Salt, Weak Password Change Method > Technical Risk: critical > Likelihood of Exploitation: medium > Vendor: Dolibarr > Vendor URL: http://ift.tt/1SLkKIl > Credits: FOXMOLE employees Tim Herres and Stefan Pietsch > Advisory URL: http://ift.tt/2qqXfxh > Advisory Status: Public > OVE-ID: OVE-20170223-0001 > CVE Number: CVE-2017-7886, CVE-2017-7887, CVE-2017-7888 > CVE URL: http://ift.tt/2r1u1SS > http://ift.tt/2qqZzUY > http://ift.tt/2r1u2pU > CWE-ID: CWE-79, CWE-89, CWE-327, CWE-620, CWE-759 > CVSS 2.0: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment