
CVE-2022-4093: SQL injection in Dolibarr

November 21, 2022 (updated November 23, 2022)

SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affects Dolibarr 16.0.1 and 16.0.2 only; 16.0.0 and lower, and 16.0.3 and higher, are not affected.

References

  • github.com/advisories/GHSA-gjg7-qfvp-9hm4
  • github.com/dolibarr/dolibarr/commit/7c1eac9774bd1fed0b7b4594159f2ac2d12a4011
  • huntr.dev/bounties/677ca8ee-ffbc-4b39-b294-2ce81bd56788
  • nvd.nist.gov/vuln/detail/CVE-2022-4093


Affected versions

All versions starting from 16.0.1 up to 16.0.2

Solution

Upgrade to Dolibarr 16.0.3 or later; per the description above, 16.0.3 and higher are not affected (see the dolibarr/dolibarr commit listed under References).

Impact: 9.8 CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


Weakness

  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Source file

packagist/dolibarr/dolibarr/CVE-2022-4093.yml


Page generated Wed, 14 May 2025 12:15:45 +0000.