Dolibarr is vulnerable to SQL injection attacks. The attacks exist because it does not properly sanitize the `viewstatut` and `propal_statut` (aka `search_statut`) parameters in `comm/propal/list.php`, allowing an authenticated user to inject arbitrary SQL code through them.
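
One hardened way to handle a status filter like the parameters named above, shown as an added example that is not Dolibarr's code. It assumes the value is a comma-separated list of integer status codes; the table, column and function names are hypothetical.

```php
<?php
// Added illustration, not Dolibarr code. Table, column and function names
// are assumptions; only the parameter names come from the advisory.

// Parse "1" or "1,2,4" into integers; null means the value is rejected.
function parseStatusFilter(?string $raw, int $maxItems = 10): ?array
{
    if ($raw === null || $raw === '') {
        return [];                      // no filter requested
    }
    $parts = explode(',', $raw);
    if (count($parts) > $maxItems) {
        return null;
    }
    $out = [];
    foreach ($parts as $p) {
        if (preg_match('/\A[0-9]{1,4}\z/', trim($p)) !== 1) {
            return null;                // reject instead of trying to clean
        }
        $out[] = (int) trim($p);
    }
    return array_values(array_unique($out));
}

// One typed placeholder per status value; no request data in the SQL text.
function listProposals(PDO $db, array $statuses): array
{
    $sql = 'SELECT ref, fk_statut FROM propal';
    if ($statuses) {
        $sql .= ' WHERE fk_statut IN ('
              . implode(',', array_fill(0, count($statuses), '?')) . ')';
    }
    $stmt = $db->prepare($sql . ' ORDER BY ref');
    foreach ($statuses as $i => $status) {
        $stmt->bindValue($i + 1, $status, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample rows and constructed request values.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE propal (ref TEXT, fk_statut INTEGER)');
$db->exec("INSERT INTO propal VALUES ('PR-1', 0), ('PR-2', 1), ('PR-3', 2)");
foreach (['1', '1,2', '', '1 OR 1=1'] as $raw) {
    $statuses = parseStatusFilter($raw);
    echo json_encode($raw), ' => ', $statuses === null
        ? 'rejected'
        : json_encode(listProposals($db, $statuses)), PHP_EOL;
}
```

Rejecting a malformed value outright, rather than stripping characters from it, keeps the filter's behaviour predictable and gives the application a clear event to log.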