Miggo Logo
Miggo Vulnerability Database
CVE-2018-19994

CVE-2018-19994:
Dolibarr error-based SQL injection vulnerability in product/card.php

8.8

CVSS Score

Basic Information

CVE ID
CVE-2018-19994
GHSA ID
GHSA-78hj-952q-99rw
EPSS Score
-
CWE
CWE-89
Published
5/14/2022
Updated
4/24/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
dolibarr/dolibarrcomposer< 8.0.48.0.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The commit diff shows critical changes in the Product::update method where multiple SQL query parameters (including desiredstock) were modified to add (int) type casting. The original vulnerable code directly embedded user-controlled $this->desiredstock into the SQL query without validation, allowing arbitrary SQL execution. The patch explicitly addresses this by enforcing integer casting, confirming this was the injection vector. The function's role in building UPDATE queries with user inputs makes it the clear entry point for this SQLi vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n *rror-**s** SQL inj**tion vuln*r**ility in pro*u*t/**r*.p*p in *oli**rr v*rsion *.*.* *llows r*mot* *ut**nti**t** us*rs to *x**ut* *r*itr*ry SQL *omm*n*s vi* t** **sir**sto*k p*r*m*t*r.

Reasoning

T** *ommit *i** s*ows *riti**l ***n**s in t** Pro*u*t::up**t* m*t*o* w**r* multipl* SQL qu*ry p*r*m*t*rs (in*lu*in* **sir**sto*k) w*r* mo*i*i** to *** (int) typ* **stin*. T** ori*in*l vuln*r**l* *o** *ir**tly *m****** us*r-*ontroll** $t*is->**sir**st