Dolibarr Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-16809 - Vulnerability Database
            
		
	
    
                    Dolibarr Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-16809
            
    
        
								Critical
					
					        
        
            Reference:
            
                                CVE-2018-16809
            
        
                    
        
        
            Title:
            Dolibarr Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
        
        
            Overview:
            An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.