Description
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
Remediation
References