CVE-2017-9435

Publication date 5 June 2017

Last updated 26 August 2025


Ubuntu priority

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

Description

Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).

Status

Package Ubuntu Release Status
dolibarr 26.04 LTS resolute Not in release
25.10 questing Not in release
25.04 plucky Not in release
24.10 oracular Not in release
24.04 LTS noble Not in release
23.10 mantic Not in release
22.04 LTS jammy Not in release
21.10 impish Not in release
21.04 hirsute Not in release
20.10 groovy Not in release
20.04 LTS focal Not in release
19.10 eoan Not in release
19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Ignored end of life
17.04 zesty Ignored end of life
16.10 yakkety Ignored end of life
16.04 LTS xenial Ignored end of standard support, was needed
14.04 LTS trusty Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
dolibarr

Severity score breakdown

CVSS version: CVSS v3.0

Base score 9.8 · Critical

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


Access our resources on patching vulnerabilities