EPSS Percentile: 46.8%
Dolibarr ERP/CRM is vulnerable to SQL injection attacks. An attacker is able to execute arbitrary SQL commands via the statut_buy parameter in product/card.php.
github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb