CVE-2026-7688 | Dolibarr ERP CRM up to 23.0.2 Shipments API Endpoint expedition.class.php _checkValForAPI fields sql injection

A vulnerability was found in Dolibarr ERP CRM up to 23.0.2. It has been rated as critical. This affects the function _checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-7688. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7688 | Dolibarr ERP CRM up to 23.0.2 Shipments API Endpoint expedition.class.php _checkValForAPI fields sql injection

Post correlati

CVE-2024-51701 | Mahesh Waghmare MG Post Contributors Plugin up to 1.3 on WordPress cross site scripting

CVE-2025-24791 | snowflakedb snowflake-connector-nodejs up to 2.0.1 Cache permissions

CVE-2025-62419 | DataEase up to 2.10.13 Data Source Configuration extraParams deserialization (GHSA-x4x9-mjcf-99r9)

CVE-2025-46290 | Apple macOS denial of service