Description

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.

Remediation

References

CVE-2018-19998

Related Vulnerabilities

WordPress Plugin Easy Contact Form Builder Cross-Site Scripting (1.0)

Apache HTTP Server Other Vulnerability (CVE-2013-4352)

WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (2.2.4)

WordPress Plugin SP Rental Manager SQL Injection (1.5.3)

IBM WebSEAL Improper Input Validation Vulnerability (CVE-2021-20496)

Severity

High

Classification

CVE-2018-19998 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities