Fluid Attacks Database

Description

Dolibarr SQL injection vulnerability in product/card.php SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	dolibarr/dolibarr	=7.0.3 \|\| >=7.0.3 <7.0.4	7.0.4

Aliases

1. CVE-2018-134492. NVD-2018-134493. OSV-2018-134494. GCVE-2018-13449

References

1. https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb