CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and...

9.8CVSS8.5AI score0.00707EPSS

Exploits1References2

Tenable Nessus•added 2025/09/10 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2018-16808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a...

6.1CVSS6.7AI score0.00199EPSS

Exploits1References2

CNVD•added 2025/06/11 12:0 a.m.•2 views

Daily Expense Tracker System /expense-reports-detailed.php File SQL Injection Vulnerability

Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in the parameter fromdate/todate in the file...

8.8CVSS8.2AI score0.00197EPSS

Exploits1References1

CNNVD•added 2025/06/03 12:0 a.m.•2 views

PHPGurukul Daily Expense Tracker System 安全漏洞

8.8CVSS8AI score0.00197EPSS

Exploits1References2

Github Security Blog•added 2022/05/14 1:27 a.m.•23 views

Dolibarr SQL injection via the integer parameters qty and value_unit

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and valueunit...

9.8CVSS8.2AI score0.00707EPSS

Exploits1References3Affected Software1

OSV•added 2022/05/14 1:27 a.m.•14 views

GHSA-H34Q-878W-W96R Dolibarr SQL injection via the integer parameters qty and value_unit

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and valueunit...

9.8CVSS9.8AI score0.00707EPSS

Exploits1References3

Packet Storm•added 2020/08/06 12:0 a.m.•184 views

Daily Expenses Management System 1.0 SQL Injection

Exploit Title: Daily Expenses Management System 1.0 - Multiple SQL Injection Vulnerabilty Date: 2020-8-5 Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Software Link:...

0.1AI score

Exploits0

Veracode•added 2019/03/08 6:38 a.m.•16 views

SQL Injection

github.com/Dolibarr/dolibarr is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL queries in the application via the qty and valueunit parameters in the expense reports module due to a lack of input validation and sanitization...

9.8CVSS9.9AI score0.00707EPSS

Exploits1References1Affected Software1

Prion•added 2019/03/07 11:29 p.m.•15 views

Cross site scripting

An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note...

4.3CVSS5.9AI score0.00199EPSS

Exploits1References1Affected Software1

OSV•added 2019/03/07 11:29 p.m.•1 views

UBUNTU-CVE-2018-16809

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and valueunit...

9.8CVSS7.4AI score0.00707EPSS

Exploits1References3

OSV•added 2019/03/07 11:29 p.m.•22 views

CVE-2018-16809

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and valueunit...

9.8CVSS7.9AI score

Exploits0References1

NVD•added 2019/03/07 11:29 p.m.•11 views

CVE-2018-16808

An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note...

6.1CVSS5.9AI score0.00199EPSS

Exploits1References1

Prion•added 2019/03/07 11:29 p.m.•19 views

Sql injection

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and valueunit...

7.5CVSS9.8AI score0.00707EPSS

Exploits1References1Affected Software1

UbuntuCve•added 2019/03/07 11:29 p.m.•22 views

CVE-2018-16809

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and valueunit...

9.8CVSS7.3AI score0.00707EPSS

Exploits1References2

OSV•added 2019/03/07 11:29 p.m.•1 views

UBUNTU-CVE-2018-16808

An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note...

6.1CVSS7.3AI score0.00199EPSS

Exploits1References3

Cvelist•added 2019/03/07 10:0 p.m.•17 views

CVE-2018-16808

An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note...

6.2AI score0.00199EPSS

Exploits1References1

Cvelist•added 2019/03/07 10:0 p.m.•22 views

CVE-2018-16809

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and valueunit...

9.9AI score0.00707EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by