An issue exists in Dolibarr up to and including 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dolibarr dolibarr |