An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
CPE | Name | Operator | Version |
---|---|---|---|
dolibarr/dolibarr | ge | 3.8 | |
dolibarr/dolibarr | le | 7.0.0 |