Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2017-18259
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions up to and including 7.0.0.
Dolibarr Dolibarr Erp\\/crm
578
VMScore
CVE-2017-18260
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions up to and including 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
Dolibarr Dolibarr Erp\\/crm
578
VMScore
CVE-2017-9839
Dolibarr ERP/CRM is affected by SQL injection in versions prior to 5.0.4 via product/stats/card.php (type parameter).
Dolibarr Dolibarr Erp\\/crm
312
VMScore
CVE-2017-9838
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions prior to 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month...
Dolibarr Dolibarr Erp\\/crm
312
VMScore
CVE-2017-1000509
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
Dolibarr Dolibarr Erp\\/crm 6.0.2
384
VMScore
CVE-2017-17971
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
Dolibarr Dolibarr Erp\\/crm 6.0.4
2 Github repositories
668
VMScore
CVE-2017-17899
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote malicious users to execute arbitrary SQL commands via the rowid parameter.
Dolibarr Dolibarr Erp\\/crm 6.0.4
668
VMScore
CVE-2017-17897
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Dolibarr Dolibarr Erp\\/crm 6.0.4
445
VMScore
CVE-2017-17898
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote malicious users to obtain sensitive information.
Dolibarr Dolibarr Erp\\/crm 6.0.4
668
VMScore
CVE-2017-17900
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote malicious users to execute arbitrary SQL commands via the socid parameter.
Dolibarr Dolibarr Erp\\/crm 6.0.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »