Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr erp crm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33568
An issue in Dolibarr 16 prior to 16.0.5 allows unauthenticated malicious users to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
Dolibarr Dolibarr Erp\\/crm
NA
CVE-2023-30253
Dolibarr prior to 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
Dolibarr Dolibarr Erp\\/crm
NA
CVE-2022-4093
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regul...
Dolibarr Dolibarr Erp\\/crm 16.0.1
Dolibarr Dolibarr Erp\\/crm 16.0.2
NA
CVE-2022-43138
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows malicious users to escalate privileges via a crafted API.
Dolibarr Dolibarr Erp\\/crm
NA
CVE-2022-40871
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.
Dolibarr Dolibarr Erp\\/crm
3.5
CVSSv2
CVE-2022-2060
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr before 16.0.
Dolibarr Dolibarr Erp\\/crm
4.3
CVSSv2
CVE-2022-30875
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.
Dolibarr Dolibarr Erp\\/crm 12.0.5
5
CVSSv2
CVE-2021-37517
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service.
Dolibarr Dolibarr Erp\\/crm 13.0.2
6.5
CVSSv2
CVE-2021-36625
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
Dolibarr Dolibarr Erp\\/crm 13.0.2
6.5
CVSSv2
CVE-2022-0819
Code Injection in GitHub repository dolibarr/dolibarr before 15.0.1.
Dolibarr Dolibarr Erp\\/crm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »