Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr erp crm vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-14240
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter.
Dolibarr Dolibarr 6.0.0
3.5
CVSSv2
CVE-2017-14241
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php.
Dolibarr Dolibarr 6.0.0
6.5
CVSSv2
CVE-2017-9840
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
Dolibarr Dolibarr
7.5
CVSSv2
CVE-2017-9435
Dolibarr ERP/CRM prior to 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
Dolibarr Dolibarr
7.5
CVSSv2
CVE-2017-7886
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
Dolibarr Dolibarr Erp\\/crm 4.0.4
4.3
CVSSv2
CVE-2017-7887
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
Dolibarr Dolibarr Erp\\/crm 4.0.4
5
CVSSv2
CVE-2017-7888
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
Dolibarr Dolibarr Erp\\/crm 4.0.4
4.6
CVSSv2
CVE-2017-8879
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate malicious users to obtain access via an unattended workstation.
Dolibarr Dolibarr Erp\\/crm 4.0.4
3.5
CVSSv2
CVE-2016-1912
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php.
Dolibarr Dolibarr
4.3
CVSSv2
CVE-2015-8685
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
Dolibarr Dolibarr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10