2019-03-08 00:29:00 2019-03-08 16:20:01

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Dolibarr Dolibarr 3.8.0 (not an official CPE)
Dolibarr Dolibarr 3.8.0 Beta (not an official CPE)
Dolibarr Dolibarr 3.8.0 Beta1 (not an official CPE)
Dolibarr Dolibarr 3.8.1 (not an official CPE)
Dolibarr Dolibarr 3.8.2 (not an official CPE)
Dolibarr Dolibarr 3.8.4 (not an official CPE)
Dolibarr Dolibarr 3.9.0 (not an official CPE)
Dolibarr Dolibarr 3.9.0 Rc (not an official CPE)
Dolibarr Dolibarr 3.9.0 Rc2 (not an official CPE)
Dolibarr Dolibarr 3.9.1 (not an official CPE)
Dolibarr Dolibarr 3.9.2 (not an official CPE)
Dolibarr Dolibarr 3.9.3 (not an official CPE)
Dolibarr Dolibarr 3.9.4 (not an official CPE)
Dolibarr Dolibarr 4.0.0 (not an official CPE)
Dolibarr Dolibarr 4.0.0 Beta (not an official CPE)
Dolibarr Dolibarr 4.0.0 Rc (not an official CPE)
Dolibarr Dolibarr 4.0.0 Rc2 (not an official CPE)
Dolibarr Dolibarr 4.0.1 (not an official CPE)
Dolibarr Dolibarr 4.0.2 (not an official CPE)
Dolibarr Dolibarr 4.0.3 (not an official CPE)
Dolibarr Dolibarr 4.0.4 (not an official CPE)
Dolibarr Dolibarr 4.0.5 (not an official CPE)
Dolibarr Dolibarr 4.0.6 (not an official CPE)
Dolibarr Dolibarr 5.0.0 (not an official CPE)
Dolibarr Dolibarr 5.0.0 Beta (not an official CPE)
Dolibarr Dolibarr 5.0.0 Rc1 (not an official CPE)
Dolibarr Dolibarr 5.0.0 Rc2 (not an official CPE)
Dolibarr Dolibarr 5.0.1 (not an official CPE)
Dolibarr Dolibarr 5.0.2 (not an official CPE)
Dolibarr Dolibarr 5.0.3 (not an official CPE)
Dolibarr Dolibarr 5.0.4 (not an official CPE)
Dolibarr Dolibarr 5.0.6 (not an official CPE)
Dolibarr Dolibarr 5.0.7 (not an official CPE)
Dolibarr Dolibarr 6.0.0 (not an official CPE)
Dolibarr Dolibarr 6.0.0 Beta (not an official CPE)
Dolibarr Dolibarr 6.0.0 Rc (not an official CPE)
Dolibarr Dolibarr 6.0.1 (not an official CPE)
Dolibarr Dolibarr 6.0.2 (not an official CPE)
Dolibarr Dolibarr 6.0.3 (not an official CPE)
Dolibarr Dolibarr 6.0.4 (not an official CPE)
Dolibarr Dolibarr 6.0.5 (not an official CPE)
Dolibarr Dolibarr 6.0.6 (not an official CPE)
Dolibarr Dolibarr 6.0.7 (not an official CPE)
Dolibarr Dolibarr 6.0.8 (not an official CPE)
Dolibarr Dolibarr 7.0.0 (not an official CPE)

Advisory Patch Confirmed Link
https://github.com/Dolibarr/dolibarr/issues/9449