Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr dolibarr vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2020-14209
Dolibarr prior to 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files b...
Dolibarr Dolibarr
3.5
CVSSv2
CVE-2021-42220
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr prior to 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box.
Dolibarr Dolibarr
1 Github repository
6.5
CVSSv2
CVE-2020-14443
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
Dolibarr Dolibarr
6.5
CVSSv2
CVE-2020-12669
core/get_menudiv.php in Dolibarr prior to 11.0.4 allows remote authenticated malicious users to bypass intended access restrictions via a non-alphanumeric menu parameter.
Dolibarr Dolibarr
4
CVSSv2
CVE-2021-25954
In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at &ldqu...
Dolibarr Dolibarr
3.5
CVSSv2
CVE-2021-25955
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoin...
Dolibarr Dolibarr
6.5
CVSSv2
CVE-2021-25957
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when request...
Dolibarr Dolibarr
4.3
CVSSv2
CVE-2018-16808
An issue exists in Dolibarr up to and including 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
Dolibarr Dolibarr
4
CVSSv2
CVE-2020-14201
Dolibarr CRM prior to 11.0.5 allows privilege escalation. This could allow remote authenticated malicious users to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.
Dolibarr Dolibarr
3.5
CVSSv2
CVE-2020-13094
Dolibarr prior to 11.0.4 allows XSS.
Dolibarr Dolibarr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »