2 matches found
CVE-2018-9019
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php,...
CVE-2018-9019
Dolibarr before 7.0.2 is vulnerable to SQL Injection via the sortfield parameter in multiple admin scripts (e.g., accountmodel.php, categories_list.php, journals_list.php, dict.php, mails_templates.php, website.php). The underlying issue is unsafely concatenated SQL in these endpoints, enabling r...