Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2017-14239
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, ...
Dolibarr Dolibarr 6.0.0
668
VMScore
CVE-2017-14242
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote malicious users to execute arbitrary SQL commands via the statut parameter.
Dolibarr Dolibarr 6.0.0
445
VMScore
CVE-2017-14240
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter.
Dolibarr Dolibarr 6.0.0
668
VMScore
CVE-2017-14238
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote malicious users to execute arbitrary SQL commands via the menuId parameter.
Dolibarr Dolibarr 6.0.0
312
VMScore
CVE-2017-14241
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php.
Dolibarr Dolibarr 6.0.0
578
VMScore
CVE-2022-0819
Code Injection in GitHub repository dolibarr/dolibarr before 15.0.1.
Dolibarr Dolibarr Erp\\/crm
NA
CVE-2023-5842
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr before 16.0.5.
Dolibarr Dolibarr Erp\\/crm
312
VMScore
CVE-2017-9838
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions prior to 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month...
Dolibarr Dolibarr Erp\\/crm
578
VMScore
CVE-2017-9839
Dolibarr ERP/CRM is affected by SQL injection in versions prior to 5.0.4 via product/stats/card.php (type parameter).
Dolibarr Dolibarr Erp\\/crm
NA
CVE-2023-33568
An issue in Dolibarr 16 prior to 16.0.5 allows unauthenticated malicious users to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
Dolibarr Dolibarr Erp\\/crm
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »