Dolibarr is vulnerable to multiple SQL injection attacks. The search_country
, search_type_thirdparty
, viewstatut
, viewstatut
, search_sale
, and search_user
user-supplied values are not escaped before being placed into an SQL statement.
CPE | Name | Operator | Version |
---|---|---|---|
dolibarr/dolibarr | le | 5.0.4 |