CVE-2018-16809

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0710%

EPSS Percentile39.89th

Published2019年3月7日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.

Affected Platforms (CPE)

📦

Dolibarr

>= 3.8.0 and <= 7.0.0

References & Advisories

🔗 https://github.com/Dolibarr/dolibarr/issues/9449

相關漏洞威脅

CVE-2020-79959.8

The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2019-192129.8

Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).

CVE-2021-338169.8

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in wh...