CVE-2026-33944 — SQL Injection in Dolibarr ERP/CRM
The localtax1_value parameter reaches an UPDATE query without sanitisation — full database exfiltration.
read →CVE analyses, OWASP methodologies and pentesting fundamentals — from a practitioner's perspective.
The localtax1_value parameter reaches an UPDATE query without sanitisation — full database exfiltration.
read →Missing server-side validation of the username field enables XSS during impersonation.
read →Three verification levels, practical examples and a case study from real pentests.
read →How the new threat categories will affect application testing methodologies.
read →Types of pentests (black/grey/white-box) and why they are essential.
read →Deepfakes, personalised attacks and the role of phishing campaigns in defence.
read →