Dolibarr 12.0.3, Multiple SQL injection #15572
Labels
Bug
This is a bug (something does not work as expected)
Priority - Security
This is a bug identified as a security bug
An authenticated user with the right to view customer orders (which can be common since it is not a high privilege and therefore increases the probability of exploitation) can exploit the SQLi by performing a Time Based attack.
See -> https://therealcoiffeur.github.io/c10010
The text was updated successfully, but these errors were encountered: