Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr dolibarr vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-17898
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote malicious users to obtain sensitive information.
Dolibarr Dolibarr Erp\\/crm 6.0.4
7.5
CVSSv3
CVE-2017-14240
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter.
Dolibarr Dolibarr 6.0.0
7.2
CVSSv3
CVE-2023-38886
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged malicious user to execute arbitrary code via a crafted command/script.
Dolibarr Dolibarr Erp\\/crm
7.2
CVSSv3
CVE-2021-25956
In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This lea...
Dolibarr Dolibarr
Dolibarr Dolibarr Erp\\/crm 3.3.0
7.2
CVSSv3
CVE-2020-35136
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
Dolibarr Dolibarr Erp\\/crm 12.0.3
6.8
CVSSv3
CVE-2017-8879
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate malicious users to obtain access via an unattended workstation.
Dolibarr Dolibarr Erp\\/crm 4.0.4
6.5
CVSSv3
CVE-2023-4198
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
Dolibarr Dolibarr Erp\\/crm
6.5
CVSSv3
CVE-2022-4766
A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. Upgrading t...
Dolibarr Project Timesheet Project Dolibarr Project Timesheet
6.5
CVSSv3
CVE-2022-0731
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr before 16.0.
Dolibarr Dolibarr Erp\\/crm
6.5
CVSSv3
CVE-2020-14201
Dolibarr CRM prior to 11.0.5 allows privilege escalation. This could allow remote authenticated malicious users to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.
Dolibarr Dolibarr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »