Filtered by vendor Dolibarr
Filtered by product Dolibarr Erp\/crm
Total: 96 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-4329 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-11 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php. | ||||
CVE-2012-1226 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-11 | N/A |
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. | ||||
CVE-2024-5314 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-10 | 9.1 Critical |
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder and sortfield in /dolibarr/admin/dict.php. | ||||
CVE-2024-5315 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-10 | 9.1 Critical |
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameter viewstatut in /dolibarr/commande/list.php. | ||||
CVE-2024-29477 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-03-28 | 8.8 High |
Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input. | ||||
CVE-2024-55228 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-02-19 | 9 Critical |
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | ||||
CVE-2024-55227 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-02-19 | 9 Critical |
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | ||||
CVE-2023-30253 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-01-14 | 8.8 High |
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. | ||||
CVE-2023-33568 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-01-03 | 7.5 High |
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. | ||||
CVE-2024-40137 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.5 Medium |
Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function. | ||||
CVE-2023-5842 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 4.8 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. | ||||
CVE-2023-5323 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. | ||||
CVE-2023-4198 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.5 Medium |
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data. | ||||
CVE-2023-4197 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.5 High |
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. | ||||
CVE-2023-38888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 9.6 Critical |
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject. | ||||
CVE-2023-38887 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 8.8 High |
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. | ||||
CVE-2023-38886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.2 High |
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. | ||||
CVE-2022-30875 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.1 Medium |
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via SQL Error Page. | ||||
CVE-2022-2060 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
CVE-2022-22293 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. |