CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-19994

An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://github.com/Dolibarr/dolibarr/commit/850b939ffd2c7a4443649331b923d5e0da2d6446
https://github.com/Dolibarr/dolibarr/commit/850b939ffd2c7a4443649331b923d5e0da2d6446

Products affected by CVE-2018-19994

Dolibarr » Dolibarr Erp/crm » Version: 8.0.2

cpe:2.3:a:dolibarr:dolibarr_erp/crm:8.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19994

Products

Pricing

Contact Us