Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr erp crm vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2020-35136
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
Dolibarr Dolibarr Erp\\/crm 12.0.3
9.8
CVSSv3
CVE-2018-13447
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote malicious users to execute arbitrary SQL commands via the statut parameter.
Dolibarr Dolibarr Erp\\/crm 7.0.3
9.8
CVSSv3
CVE-2018-13448
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote malicious users to execute arbitrary SQL commands via the country_id parameter.
Dolibarr Dolibarr Erp\\/crm 7.0.3
9.8
CVSSv3
CVE-2018-13449
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote malicious users to execute arbitrary SQL commands via the statut_buy parameter.
Dolibarr Dolibarr Erp\\/crm 7.0.3
9.8
CVSSv3
CVE-2018-13450
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote malicious users to execute arbitrary SQL commands via the status_batch parameter.
Dolibarr Dolibarr Erp\\/crm 7.0.3
5.4
CVSSv3
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
Dolibarr Dolibarr Erp\\/crm 11.0.0
5.4
CVSSv3
CVE-2020-13828
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated malicious users to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card...
Dolibarr Dolibarr Erp\\/crm 11.0.4
5.4
CVSSv3
CVE-2019-17576
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field.
Dolibarr Dolibarr Erp\\/crm 10.0.2
5.4
CVSSv3
CVE-2019-17578
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field.
Dolibarr Dolibarr Erp\\/crm 10.0.2
5.4
CVSSv3
CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
Dolibarr Dolibarr Erp\\/crm 11.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »