Description

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.

Remediation

References

CVE-2018-13448

Related Vulnerabilities

WordPress Plugin Delete Duplicate Posts Security Bypass (4.1.9.4)

WordPress Plugin Simple Share Buttons Adder Multiple Vulnerabilities (4.4)

IBM WebSEAL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-4157)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.4)

MySQL Other Vulnerability (CVE-2003-0073)

Severity

Critical

Classification

CVE-2018-13448 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities