Detections
Analytics
SCA: security update for dolibarr/dolibarr (GHSA-78hj-952q-99rw)
high Tenable Cloud Security Plugin ID 432399
Description
There are packages installed that are affected by a vulnerability referenced in the following CVE:- An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote
authenticated users to execute arbitrary SQL commands via the desiredstock parameter. (CVE-2018-19994)
See Also
Plugin Details
Severity: High
ID: 432399
Version: Revision 1.2
Type: Local
Family: SCA Checks
Published: 8/8/2025
Updated: 8/8/2025
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
Vendor
Vendor Severity: High
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2018-19994
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Publication Date: 5/14/2022
Vulnerability Publication Date: 1/3/2019
Reference Information
CVE: CVE-2018-19994
cwe: CWE-89