Dolibarr ERP/CRM prior to 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
dolibarr dolibarr