CVE-2018-19998
Published 2019-01-03
Priority: P3 (52) · High · 8.8 CVSS 3.0
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.21% (80.4th percentile)
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 8.0.4 | 8.0.4 |
| dolibarr | dolibarr_erp_crm | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
OSV
Dolibarr SQL injection vulnerability in user/card.php
osv · 2022-05-14 · HIGH

GHSA
Dolibarr SQL injection vulnerability in user/card.php
ghsa · 2022-05-14 · HIGH · CWE-89

OSV
CVE-2018-19998: SQL injection vulnerability in user/card
osv · 2019-01-03 · CVSS 8.8 · HIGH
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Fix commits:
https://github.com/Dolibarr/dolibarr/commit/2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a
https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924