Description
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
Remediation
References
Related Vulnerabilities
Drupal Core 9.0.x Cross-Site Scripting (9.0.0 - 9.0.13)
WordPress Plugin Apocalypse Meow Security Bypass (21.2.7)
Magento Session Fixation Vulnerability (CVE-2019-8116)
Grafana Incorrect Authorization Vulnerability (CVE-2022-31107)
WordPress Plugin uTubeVideo Gallery Unspecified Vulnerability (2.0.4)