Описание
Dolibarr SQL injection via the integer parameters qty and value_unit
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
Пакеты
Наименование
dolibarr/dolibarr
composer
Затронутые версииВерсия исправления
>= 3.8, <= 7.0.0
Отсутствует
Связанные уязвимости
CVSS3: 9.8
ubuntu
почти 7 лет назад
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
CVSS3: 9.8
nvd
почти 7 лет назад
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
CVSS3: 9.8
debian
почти 7 лет назад
An issue was discovered in Dolibarr through 7.0.0. expensereport/card. ...