CVSS Score

The vulnerability stems from improper input sanitization of parameters read through Dolibarr's GETPOST function. The commit patching CVE-2018-19992 shows the key change: the GETPOST check mode on the affected parameters moves from 'alpha' to stricter filters ('alphanohtml', 'intcomma', 'none'). The 'alpha' filter allows letters and some special characters but does not strip HTML tags, and the unfiltered parameters allowed direct script injection. The vulnerable code is specifically the GETPOST calls with insufficient filtering in card.php (address and town) and type.php (type, comment and mail_valid) that were modified in the security fix.
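To make the difference between the check modes concrete, the following is a simplified model added here; it is not Dolibarr's own GETPOST code, and the function names, the exact filtering rules and the sample values are assumptions chosen to mirror the advisory's description ('alpha' leaves HTML tags in place, 'alphanohtml' strips them, 'intcomma' keeps only digits and commas).

```python
import re

# Constructed sample value for a "town" parameter carrying a script tag.
SAMPLE_TOWN = "Paris<script>alert(1)</script>"


def strip_html_tags(value: str) -> str:
    """Remove anything shaped like an HTML tag (a simplified stand-in for
    a 'no html' filter; assumption, not Dolibarr's implementation)."""
    return re.sub(r"<[^>]*>", "", value)


def getpost_filter(value: str, check: str) -> str:
    """Model of three GETPOST check modes named in the advisory.

    'alpha'       : rejects double quotes and '../' but keeps HTML tags.
    'alphanohtml' : same rejections, then strips HTML tags.
    'intcomma'    : keeps only digits and commas (a list of ids).
    """
    value = value.strip()
    if check in ("alpha", "alphanohtml"):
        if '"' in value or "../" in value:
            return ""  # whole value discarded
        return strip_html_tags(value) if check == "alphanohtml" else value
    if check == "intcomma":
        return "".join(ch for ch in value if ch.isdigit() or ch == ",")
    raise ValueError(f"unknown check mode {check!r}")


def leaves_markup(value: str, check: str) -> bool:
    """True when the filtered value still contains a tag opener, i.e. the
    check mode did not neutralise markup in this input."""
    return "<" in getpost_filter(value, check)


def compare_modes(value: str) -> dict:
    """Run one input through the weak and the hardened mode side by side."""
    return {mode: getpost_filter(value, mode) for mode in ("alpha", "alphanohtml")}


if __name__ == "__main__":
    for mode, result in compare_modes(SAMPLE_TOWN).items():
        print(f"{mode:12} -> {result!r} (markup left: {leaves_markup(SAMPLE_TOWN, mode)})")
```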
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | < 8.0.4 | 8.0.4 |