CyberSec.Space Logo
Back to CVE Browser

CVE-2018-16809

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0710%
EPSS Percentile39.89th
PublishedMar 7, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.

Affected Platforms (CPE)

📦
Dolibarr

Dolibarr

>= 3.8.0 and <= 7.0.0

References & Advisories

🔗 https://github.com/Dolibarr/dolibarr/issues/9449
🔗 https://github.com/Dolibarr/dolibarr/issues/9449

Related Vulnerabilities

CVE-2020-79959.8

The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2019-192129.8

Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).

CVE-2021-338169.8

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in wh...