CVE-2018-9019
published 2018-05-22

CVE-2018-9019: SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to…

Severity: critical, 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.

Affected

5 ranges
Vendor | Product | Version range | Fixed in
dolibarr | dolibarr | < 7.0.2 | 7.0.2
dolibarr | dolibarr | >= 0 < 7.0.2 | 7.0.2
oracle | data_integrator
oracle | data_integrator
oracle | data_integrator

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv | 9.8 | CRITICAL