CVE-2018-16809: SQL Injection
First published: Thu Mar 07 2019(Updated: )
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dolibarr Dolibarr | >=3.8.0<=7.0.0 | |
| composer/dolibarr/dolibarr | >=3.8<=7.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-16809.
What is the severity of CVE-2018-16809?
The severity of CVE-2018-16809 is critical with a severity value of 9.8.
How does the vulnerability in Dolibarr through 7.0.0 allow SQL injection?
The vulnerability in Dolibarr through 7.0.0 allows SQL injection via the integer parameters qty and value_unit in the expense reports module.
What is the affected software for CVE-2018-16809?
The affected software for CVE-2018-16809 is Dolibarr version 3.8.0 through 7.0.0.
Is there a patch available for fixing the vulnerability in Dolibarr?
Yes, you can find more information about the patch for fixing the vulnerability in Dolibarr at the reference link provided.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-h34q-878w-w96r
- alias/CVE-2018-16809
- agent/software-canonical-lookup
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/event
- agent/description
- collector/nvd-cve
- source/NVD
- agent/author
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dolibarr
- canonical/dolibarr dolibarr
- version/dolibarr dolibarr/3.8.0
- version/dolibarr dolibarr/7.0.0
- package-manager/composer