Fluid Attacks Database

Description

Dolibarr SQL injection vulnerability in product/card.php SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	dolibarr/dolibarr	=7.0.3 \|\| >=7.0.3 <7.0.4	7.0.4

Aliases

1. CVE-2018-134482. NVD-2018-134483. OSV-2018-134484. GCVE-2018-13448

References

1. https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb