Description
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2020-2969 Vulnerability (CVE-2020-2969)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3170)
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.6)
WordPress Plugin WordPress Infinite Scroll-Ajax Load More Unspecified Vulnerability (2.11.0)