Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-13450
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote malicious users to execute arbitrary SQL commands via the status_batch parameter.
Dolibarr Dolibarr Erp\\/crm 7.0.3
490
VMScore
CVE-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
Dolibarr Dolibarr Erp\\/crm 11.0.4
312
VMScore
CVE-2019-17577
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field.
Dolibarr Dolibarr Erp\\/crm 10.0.2
312
VMScore
CVE-2019-16685
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Dolibarr Dolibarr Erp\\/crm 9.0.5
383
VMScore
CVE-2019-17223
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
Dolibarr Dolibarr Erp\\/crm 10.0.2
435
VMScore
CVE-2014-3991
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) ma...
Dolibarr Dolibarr Erp\\/crm 3.5.3
1 EDB exploit
312
VMScore
CVE-2020-13828
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated malicious users to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card...
Dolibarr Dolibarr Erp\\/crm 11.0.4
668
VMScore
CVE-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
Dolibarr Dolibarr Erp\\/crm 13.0.2
312
VMScore
CVE-2017-1000509
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
Dolibarr Dolibarr Erp\\/crm 6.0.2
668
VMScore
CVE-2017-17897
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Dolibarr Dolibarr Erp\\/crm 6.0.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »