Arbitrary SQL Command Execution Vulnerability in Dolibarr 8.0.2

Arbitrary SQL Command Execution Vulnerability in Dolibarr 8.0.2

CVE-2018-19994 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.