Description

An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.

Remediation

References

CVE-2018-19994

Related Vulnerabilities

WordPress Plugin Forms-Form builder and Contact form Multiple Unspecified Vulnerabilities (1.4.7)

WordPress Plugin Image Optimizer, Resizer and CDN-Sirv Arbitrary File Upload (7.2.6)

Oracle JRE CVE-2014-0452 Vulnerability (CVE-2014-0452)

WordPress Plugin WP Mega Menu Security Bypass (1.3.9)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-17858)

Severity

High

Classification

CVE-2018-19994 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities