Description

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.

Remediation

References

CVE-2018-10094

Related Vulnerabilities

Java Unspesificed Vulnerability (CVE-2019-2426)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-3734)

OpenSSL Improper Certificate Validation Vulnerability (CVE-2022-1343)

MediaWiki Missing Authorization Vulnerability (CVE-2019-12470)

WordPress Plugin WordPress Download Manager Unspecified Vulnerability (3.1.18)

Severity

Critical

Classification

CVE-2018-10094 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities