Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr dolibarr vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-34051
A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr prior to 19.0.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.
NA
CVE-2024-5314
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote malicious user to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters so...
NA
CVE-2024-5315
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote malicious user to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters vi...
NA
CVE-2024-31503
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated malicious users to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.
NA
CVE-2024-29477
Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.
6.1
CVSSv3
CVE-2024-23817
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an malicious user to inject arbitrary HTML tags...
Dolibarr Dolibarr Erp/crm 18.0.4
6.5
CVSSv3
CVE-2023-4198
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
Dolibarr Dolibarr Erp/crm
8.8
CVSSv3
CVE-2023-4197
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an malicious user to inject and evaluate arbitrary PHP code.
Dolibarr Dolibarr Erp/crm
1 Github repository
4.8
CVSSv3
CVE-2023-5842
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr before 16.0.5.
Dolibarr Dolibarr Erp/crm
6.1
CVSSv3
CVE-2023-5323
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr before 18.0.
Dolibarr Dolibarr Erp/crm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »