Arbitrary SQL Command Execution in Dolibarr before 7.0.2

CVE-2018-10094 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.

Learn more about our Web Application Penetration Testing UK.