Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-0174
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
Dolibarr Dolibarr Erp\\/crm
9.8
CVSSv3
CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
Dolibarr Dolibarr Erp\\/crm
4.3
CVSSv3
CVE-2022-0414
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr before 16.0.
Dolibarr Dolibarr Erp\\/crm
5.4
CVSSv3
CVE-2017-9838
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions prior to 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month...
Dolibarr Dolibarr Erp\\/crm
8.8
CVSSv3
CVE-2017-9839
Dolibarr ERP/CRM is affected by SQL injection in versions prior to 5.0.4 via product/stats/card.php (type parameter).
Dolibarr Dolibarr Erp\\/crm
7.5
CVSSv3
CVE-2023-33568
An issue in Dolibarr 16 prior to 16.0.5 allows unauthenticated malicious users to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
Dolibarr Dolibarr Erp\\/crm
9.8
CVSSv3
CVE-2022-40871
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.
Dolibarr Dolibarr Erp\\/crm
4.8
CVSSv3
CVE-2023-5842
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr before 16.0.5.
Dolibarr Dolibarr Erp\\/crm
9.8
CVSSv3
CVE-2017-7886
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
Dolibarr Dolibarr Erp\\/crm 4.0.4
9.8
CVSSv3
CVE-2017-17897
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Dolibarr Dolibarr Erp\\/crm 6.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »