CVE-2018-19994
Published 2019-01-03
CVE-2018-19994: An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands…
Priority: P353 · high · 8.8 · CVSS 3.0
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.03% (78.6th percentile)
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 8.0.4 | 8.0.4 |
| dolibarr | dolibarr_erp_crm | — | — |
CVSS provenance
nvd · v3.0 · 8.8 · HIGH · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.5 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
osv · 8.8 · HIGH
OSV
Dolibarr error-based SQL injection vulnerability in product/card.php
osv·2022-05-14
CVE-2018-19994 [HIGH] Dolibarr error-based SQL injection vulnerability in product/card.php
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
GHSA
Dolibarr error-based SQL injection vulnerability in product/card.php
ghsa·2022-05-14
CVE-2018-19994 [HIGH] CWE-89 Dolibarr error-based SQL injection vulnerability in product/card.php
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
OSV
CVE-2018-19994: An error-based SQL injection vulnerability in product/card
osv·2019-01-03·CVSS 8.8
CVE-2018-19994 [HIGH] CVE-2018-19994: An error-based SQL injection vulnerability in product/card
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-01-03
Published