Dolibarr Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2018-9019
Reference:
CVE-2018-9019
Title:
Dolibarr Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php /accountancy/admin/categories_list.php /accountancy/admin/journals_list.php /admin/dict.php /admin/mails_templates.php or /admin/website.php.