Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr erp crm vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2017-8879
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate malicious users to obtain access via an unattended workstation.
Dolibarr Dolibarr Erp\\/crm 4.0.4
760
VMScore
CVE-2012-1226
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote malicious users to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/ac...
Dolibarr Dolibarr Erp\\/crm 3.2.0
2 EDB exploits
383
VMScore
CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
Dolibarr Dolibarr Erp\\/crm 10.0.6
312
VMScore
CVE-2020-11823
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account.
Dolibarr Dolibarr Erp\\/crm 10.0.6
312
VMScore
CVE-2017-1000509
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
Dolibarr Dolibarr Erp\\/crm 6.0.2
NA
CVE-2024-23817
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an malicious user to inject arbitrary HTML tags...
Dolibarr Dolibarr Erp\\/crm 18.0.4
668
VMScore
CVE-2018-13447
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote malicious users to execute arbitrary SQL commands via the statut parameter.
Dolibarr Dolibarr Erp\\/crm 7.0.3
668
VMScore
CVE-2018-13450
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote malicious users to execute arbitrary SQL commands via the status_batch parameter.
Dolibarr Dolibarr Erp\\/crm 7.0.3
383
VMScore
CVE-2019-17223
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
Dolibarr Dolibarr Erp\\/crm 10.0.2
383
VMScore
CVE-2018-19993
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote malicious users to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
Dolibarr Dolibarr Erp\\/crm 8.0.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »