Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr dolibarr vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2014-3992
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.
Dolibarr Dolibarr Erp\\/crm 3.5.3
1 EDB exploit
6.5
CVSSv2
CVE-2011-4802
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4...
Dolibarr Dolibarr Erp\\/crm 2.9.0
Dolibarr Dolibarr Erp\\/crm 2.8.1
Dolibarr Dolibarr Erp\\/crm
Dolibarr Dolibarr Erp\\/crm 2.6.0
Dolibarr Dolibarr Erp\\/crm 3.0.0
Dolibarr Dolibarr Erp\\/crm 2.7.1
Dolibarr Dolibarr Erp\\/crm 2.6.1
Dolibarr Dolibarr Erp\\/crm 2.5.0
Dolibarr Dolibarr Erp\\/crm 2.7.0
Dolibarr Dolibarr Erp\\/crm 2.8.0
Dolibarr Dolibarr Erp\\/crm 3.0.1
3 EDB exploits
6
CVSSv2
CVE-2019-15062
An issue exists in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check t...
Dolibarr Dolibarr Erp\\/crm 11.0.0
6
CVSSv2
CVE-2018-10092
The admin panel in Dolibarr prior to 7.0.2 might allow remote malicious users to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
Dolibarr Dolibarr
5.5
CVSSv2
CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
Dolibarr Dolibarr Erp\\/crm 11.0.4
5
CVSSv2
CVE-2021-37517
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service.
Dolibarr Dolibarr Erp\\/crm 13.0.2
5
CVSSv2
CVE-2019-19209
Dolibarr ERP/CRM prior to 10.0.3 allows SQL Injection.
Dolibarr Dolibarr
5
CVSSv2
CVE-2017-17898
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote malicious users to obtain sensitive information.
Dolibarr Dolibarr Erp\\/crm 6.0.4
5
CVSSv2
CVE-2017-14240
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter.
Dolibarr Dolibarr 6.0.0
5
CVSSv2
CVE-2017-7888
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
Dolibarr Dolibarr Erp\\/crm 4.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »