CVE-2018-19994

An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.

Published : 2019-01-03 19:29 Updated : 2019-01-09 13:12

6.5
CVSS Score More info
Score 6.5 / 10
6.5
Vendor Product Version URI
Dolibarr Dolibarr 8.0.2 cpe:/a:dolibarr:dolibarr:8.0.2
  1. Dolibarr (1) Search CVE
    1. Dolibarr (1) Search CVE
      1. 8.0.2

CWE

ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

History of changes

Date Event
2019-01-09 13:12
2019-01-03 19:29

New CVE