Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr dolibarr vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-38886
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged malicious user to execute arbitrary code via a crafted command/script.
Dolibarr Dolibarr Erp\\/crm
8.8
CVSSv3
CVE-2023-38887
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote malicious user to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
Dolibarr Dolibarr Erp\\/crm
9.6
CVSSv3
CVE-2023-38888
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote malicious user to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
Dolibarr Dolibarr Erp\\/crm
7.5
CVSSv3
CVE-2023-33568
An issue in Dolibarr 16 prior to 16.0.5 allows unauthenticated malicious users to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
Dolibarr Dolibarr Erp\\/crm
8.8
CVSSv3
CVE-2023-30253
Dolibarr prior to 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
Dolibarr Dolibarr Erp\\/crm
3 Github repositories
9.8
CVSSv3
CVE-2022-4933
A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection. The attack may be launc...
Atm-consulting Dolibarr Module Quicksupplierprice
6.5
CVSSv3
CVE-2022-4766
A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading t...
Dolibarr Project Timesheet Project Dolibarr Project Timesheet
9.8
CVSSv3
CVE-2022-4093
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regul...
Dolibarr Dolibarr Erp\\/crm 16.0.1
Dolibarr Dolibarr Erp\\/crm 16.0.2
9.8
CVSSv3
CVE-2022-43138
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows malicious users to escalate privileges via a crafted API.
Dolibarr Dolibarr Erp\\/crm
9.8
CVSSv3
CVE-2022-40871
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.
Dolibarr Dolibarr Erp\\/crm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »