Vulmon
dolibarr vulnerabilities and exploits
8.8
CVSSv3
CVE-2019-11200
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious bi...
Dolibarr Dolibarr Erp/crm 9.0.1
7.2
CVSSv3
CVE-2020-35136
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
Dolibarr Dolibarr Erp/crm 12.0.3
9.8
CVSSv3
CVE-2017-17897
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Dolibarr Dolibarr Erp/crm 6.0.4
7.5
CVSSv3
CVE-2017-17898
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote malicious users to obtain sensitive information.
Dolibarr Dolibarr Erp/crm 6.0.4
9.8
CVSSv3
CVE-2017-17899
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote malicious users to execute arbitrary SQL commands via the rowid parameter.
Dolibarr Dolibarr Erp/crm 6.0.4
9.8
CVSSv3
CVE-2017-17900
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote malicious users to execute arbitrary SQL commands via the socid parameter.
Dolibarr Dolibarr Erp/crm 6.0.4
5.4
CVSSv3
CVE-2019-16686
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
Dolibarr Dolibarr Erp/crm 9.0.5
5.4
CVSSv3
CVE-2019-16687
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Dolibarr Dolibarr Erp/crm 9.0.5
5.4
CVSSv3
CVE-2019-16688
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)
Dolibarr Dolibarr Erp/crm 9.0.5
5.4
CVSSv3
CVE-2022-22293
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.
Dolibarr Dolibarr Erp/crm 7.0.2