CVE-2018-16809: Dolibarr SQL injection via the integer parameters qty and value_unit

Severity: Critical

CVSS Score: 9.8

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.