Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-10095
Cross-site scripting (XSS) vulnerability in Dolibarr prior to 7.0.2 allows remote malicious users to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
Dolibarr Dolibarr
5.4
CVSSv3
CVE-2021-42220
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr prior to 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box.
Dolibarr Dolibarr
1 Github repository
6.5
CVSSv3
CVE-2020-14201
Dolibarr CRM prior to 11.0.5 allows privilege escalation. This could allow remote authenticated malicious users to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.
Dolibarr Dolibarr
9.8
CVSSv3
CVE-2017-9435
Dolibarr ERP/CRM prior to 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
Dolibarr Dolibarr
8.8
CVSSv3
CVE-2020-14209
Dolibarr prior to 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files b...
Dolibarr Dolibarr
8.8
CVSSv3
CVE-2020-14443
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
Dolibarr Dolibarr
6.1
CVSSv3
CVE-2018-16808
An issue exists in Dolibarr up to and including 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
Dolibarr Dolibarr
6.1
CVSSv3
CVE-2018-19799
Dolibarr ERP/CRM up to and including 8.0.3 has /exports/export.php?datatoexport= XSS.
Dolibarr Dolibarr
5.4
CVSSv3
CVE-2020-13094
Dolibarr prior to 11.0.4 allows XSS.
Dolibarr Dolibarr
9.8
CVSSv3
CVE-2018-16809
An issue exists in Dolibarr up to and including 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
Dolibarr Dolibarr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »