Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-4197
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an malicious user to inject and evaluate arbitrary PHP code.
Dolibarr Dolibarr Erp\\/crm
8.8
CVSSv3
CVE-2017-9839
Dolibarr ERP/CRM is affected by SQL injection in versions prior to 5.0.4 via product/stats/card.php (type parameter).
Dolibarr Dolibarr Erp\\/crm
4.3
CVSSv3
CVE-2022-0174
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
Dolibarr Dolibarr Erp\\/crm
9.8
CVSSv3
CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
Dolibarr Dolibarr Erp\\/crm
4.3
CVSSv3
CVE-2022-0414
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr before 16.0.
Dolibarr Dolibarr Erp\\/crm
9.6
CVSSv3
CVE-2023-38888
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote malicious user to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
Dolibarr Dolibarr Erp\\/crm
8.8
CVSSv3
CVE-2023-30253
Dolibarr prior to 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
Dolibarr Dolibarr Erp\\/crm
4.3
CVSSv3
CVE-2022-0746
Business Logic Errors in GitHub repository dolibarr/dolibarr before 16.0.
Dolibarr Dolibarr Erp\\/crm
8.8
CVSSv3
CVE-2022-0819
Code Injection in GitHub repository dolibarr/dolibarr before 15.0.1.
Dolibarr Dolibarr Erp\\/crm
5.4
CVSSv3
CVE-2017-18259
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions up to and including 7.0.0.
Dolibarr Dolibarr Erp\\/crm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »