Critical severity9.8NVD Advisory· Published May 22, 2018· Updated Jun 17, 2026
CVE-2018-9019
CVE-2018-9019
Description
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dolibarr/dolibarrPackagist | < 7.0.2 | 7.0.2 |
Affected products
1Patches
Vulnerability mechanics
References
5- github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739nvdPatchWEB
- github.com/advisories/GHSA-fff9-m6f6-q3mhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-9019ghsaADVISORY
- www.oracle.com/security-alerts/cpujan2021.htmlnvdThird Party AdvisoryWEB
- github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLognvdRelease NotesWEB
News mentions
0No linked articles in our index yet.