CVE-2018-19998

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.

Published : 2019-01-03 19:29 Updated : 2019-01-11 15:50

CVSS Score: 6.5 / 10
Vendor: Dolibarr
Product: Dolibarr
Version: 8.0.2
URI: cpe:/a:dolibarr:dolibarr:8.0.2

CWE

ID: CWE-89
Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

History of changes

Date Event
2019-01-11 15:50
2019-01-03 19:29 New CVE