CVE-2026-33944 — SQL Injection in Dolibarr ERP/CRM
The localtax1_value parameter reaches an UPDATE query without sanitisation.
read →Penetration testing, red teaming and social engineering — performed manually and to recognised standards. Hard evidence and a report you can actually act on.
From a single application to a multi-week simulation of a real-world breach.
You know exactly what happens at each stage — from scope to the post-fix re-test.
Objectives, test boundaries and rules of engagement. No surprises.
OSINT and attack-surface mapping — what the adversary sees.
Manual testing and attack chains. Every vulnerability backed by a PoC.
A report for the board and IT, a remediation plan and a free re-test.
I have spent years in offensive IT security — penetration testing of web and mobile applications and of infrastructure. I work manually and methodically, aligned with OWASP ASVS/MASVS, NIST 800-115 and PTES, focusing on what slips past automated scanners: business-logic flaws, privilege-escalation chains and post-exploitation scenarios.
I hold the OSCP and OSWA certifications, I am a CVE author and a member of the red team at Synack. I confirm every vulnerability with a working proof of concept (PoC) and translate it into concrete, actionable recommendations.
CVE analyses, OWASP methodologies and pentesting fundamentals.
The localtax1_value parameter reaches an UPDATE query without sanitisation.
read →Missing server-side validation of the username field enables XSS during impersonation.
read →Types of pentests and why they are essential to an organisation's security.
read →Free consultation and a reply within 24 hours. Tell me what you want tested — I'll prepare the scope and a quote.