Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr erp crm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33568
An issue in Dolibarr 16 prior to 16.0.5 allows unauthenticated malicious users to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
Dolibarr Dolibarr Erp\\/crm
NA
CVE-2022-40871
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.
Dolibarr Dolibarr Erp\\/crm
NA
CVE-2023-5323
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr before 18.0.
Dolibarr Dolibarr Erp\\/crm
4
CVSSv2
CVE-2022-0174
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
Dolibarr Dolibarr Erp\\/crm
7.5
CVSSv2
CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
Dolibarr Dolibarr Erp\\/crm
NA
CVE-2023-4198
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
Dolibarr Dolibarr Erp\\/crm
6.5
CVSSv2
CVE-2021-25956
In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This lea...
Dolibarr Dolibarr
Dolibarr Dolibarr Erp\\/crm 3.3.0
3.5
CVSSv2
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
Dolibarr Dolibarr Erp\\/crm 11.0.0
4.3
CVSSv2
CVE-2019-17223
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
Dolibarr Dolibarr Erp\\/crm 10.0.2
8.5
CVSSv2
CVE-2019-11201
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a s...
Dolibarr Dolibarr Erp\\/crm 9.0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »