dolibarr/dolibarr is vulnerable to SQL injection. A lack of validation on the desiredstock
parameter in product/card.php
allows a remote authenticated attacker to execute arbitrary SQL commands via an error-based SQL injection vulnerability. This vulnerability could potentially allow for remote code execution if there is write
permission in the directory within the web root.