Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2019-11200
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious bi...
Dolibarr Dolibarr Erp\\/crm 9.0.1
756
VMScore
CVE-2019-11201
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a s...
Dolibarr Dolibarr Erp\\/crm 9.0.1
606
VMScore
CVE-2019-1010054
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vect...
Dolibarr Dolibarr Erp\\/crm 7.0.0
383
VMScore
CVE-2019-1010016
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker.
Dolibarr Dolibarr Erp\\/crm 6.0.4
383
VMScore
CVE-2018-16808
An issue exists in Dolibarr up to and including 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
Dolibarr Dolibarr
668
VMScore
CVE-2018-16809
An issue exists in Dolibarr up to and including 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
Dolibarr Dolibarr
312
VMScore
CVE-2018-19992
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.
Dolibarr Dolibarr Erp\\/crm 8.0.2
383
VMScore
CVE-2018-19993
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote malicious users to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
Dolibarr Dolibarr Erp\\/crm 8.0.2
578
VMScore
CVE-2018-19994
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
Dolibarr Dolibarr Erp\\/crm 8.0.2
312
VMScore
CVE-2018-19995
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.
Dolibarr Dolibarr Erp\\/crm 8.0.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »