logo

Database

SQL injection - Code In dolibarr/dolibarr

Description

Dolibarr SQL injection via type parameter in product/stats/card.php Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-98392. NVD-2017-98393. OSV-2017-98394. GCVE-2017-9839

References

1. https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.