CVE-2020-14443

Name of the Vulnerable Software and Affected Versions Dolibarr versions 11.0.4 and below

Description A SQL injection issue in the accountancy/customer/card.php file allows remote authenticated users to execute arbitrary SQL commands via the id parameter. This affects versions of Dolibarr up to and including 11.0.3, and potentially other versions below 11.0.4.

Recommendations For Dolibarr versions 11.0.4 and below, consider restricting access to the vulnerable id parameter in the accountancy/customer/card.php file until a patch is available. As a temporary workaround, avoid using the id parameter in the affected API endpoint.