Description
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.