CVE-2013-2091
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2013-2091
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dolibarr ERP/CRM SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dolibarr ERP/CRM是法国Dolibarr基金会的一套基于Web的企业资源计划(ERP)和客户关系管理(CRM)系统。该系统可用来管理产品、库存、发票、订单等。 Dolibarr ERP/CRM 3.3.1版本中存在SQL注入漏洞。远程攻击者可借助fiche.php文件的‘pays’参数利用该漏洞执行任意SQL命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2013-2091
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2013-2091
Please Login to view more intelligence information
- 🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/84248x_refsource_MISC
- 🔗 https://security-tracker.debian.org/tracker/CVE-2013-2091x_refsource_MISC
- http://www.openwall.com/lists/oss-security/2013/05/14/3x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2013-2091
Same Patch Batch · dolibarr · 2019-11-20 · 3 CVEs total
| CVE-2013-2092 | Dolibarr ERP/CRM 跨站脚本漏洞 | |
| CVE-2013-2093 | Dolibarr ERP/CRM 输入验证错误漏洞 |
IV. Related Vulnerabilities
Same product: dolibarr
- CVE-2025-67486
Dolibarr has an Authenticated Remote Code Execution via eval - CVE-2026-23500
Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF con - CVE-2026-34036
Dolibarr Core Discloses Sensitive Data via Authenticated Loc - CVE-2020-36966
Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Scripti - CVE-2024-23817
Dolibarr Application Home Page HTML injection vulnerability
Same vendor: dolibarr
- CVE-2025-67486
Dolibarr has an Authenticated Remote Code Execution via eval - CVE-2026-7689
Dolibarr ERP CRM Online Signature security.lib.php dol_verif - CVE-2026-7688
Dolibarr ERP CRM Shipments API Endpoint expedition.class.php - CVE-2026-23500
Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF con - CVE-2019-25710
Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter
V. Comments for CVE-2013-2091
No comments yet