Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr dolibarr vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-9435
Dolibarr ERP/CRM prior to 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
Dolibarr Dolibarr
6.5
CVSSv2
CVE-2020-14209
Dolibarr prior to 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files b...
Dolibarr Dolibarr
3.5
CVSSv2
CVE-2021-25955
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoin...
Dolibarr Dolibarr
4.3
CVSSv2
CVE-2018-16808
An issue exists in Dolibarr up to and including 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
Dolibarr Dolibarr
7.5
CVSSv2
CVE-2018-16809
An issue exists in Dolibarr up to and including 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
Dolibarr Dolibarr
6.5
CVSSv2
CVE-2020-14443
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
Dolibarr Dolibarr
6.5
CVSSv2
CVE-2020-12669
core/get_menudiv.php in Dolibarr prior to 11.0.4 allows remote authenticated malicious users to bypass intended access restrictions via a non-alphanumeric menu parameter.
Dolibarr Dolibarr
5
CVSSv2
CVE-2019-19209
Dolibarr ERP/CRM prior to 10.0.3 allows SQL Injection.
Dolibarr Dolibarr
3.5
CVSSv2
CVE-2019-19210
Dolibarr ERP/CRM prior to 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
Dolibarr Dolibarr
4
CVSSv2
CVE-2020-14201
Dolibarr CRM prior to 11.0.5 allows privilege escalation. This could allow remote authenticated malicious users to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.
Dolibarr Dolibarr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »