github.com/Dolibarr/dolibarr is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL queries in the application via the qty and value_unit parameters in the expense reports module due to a lack of input validation and sanitization.