CVE-2018-19998

Опубликовано: 03 янв. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.

Ссылки

https://github.com/Dolibarr/dolibarr/commit/2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a
Patch
Third Party Advisory
https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924
Patch
Third Party Advisory
https://github.com/Dolibarr/dolibarr/commit/2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a
Patch
Third Party Advisory
https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:8.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00258

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2018-19998

CVSS3: 8.8

ubuntu

около 7 лет назад

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.

CVE-2018-19998

CVSS3: 8.8

debian

около 7 лет назад

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 ...

GHSA-97jv-2hp6-3frj

CVSS3: 8.8

github

больше 3 лет назад

Dolibarr SQL injection vulnerability in user/card.php

EPSS

Процентиль: 49%

0.00258

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89