Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Dolibarr Subscribe
Total 108 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4329 1 Dolibarr 1 Dolibarr Erp\/crm 2023-02-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php.
CVE-2011-4814 1 Dolibarr 1 Dolibarr Erp\/crm 2023-02-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php.
CVE-2011-4802 1 Dolibarr 1 Dolibarr Erp\/crm 2023-02-02 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
CVE-2022-4093 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-23 N/A 9.8 CRITICAL
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected
CVE-2022-43138 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-18 N/A 9.8 CRITICAL
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
CVE-2022-0819 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 6.5 MEDIUM 8.8 HIGH
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.
CVE-2022-0414 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.0 MEDIUM 4.3 MEDIUM
Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0.
CVE-2022-0746 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.0 MEDIUM 4.3 MEDIUM
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.
CVE-2022-0224 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
CVE-2022-2060 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
CVE-2022-0731 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.0 MEDIUM 6.5 MEDIUM
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
CVE-2022-0174 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.0 MEDIUM 4.3 MEDIUM
dolibarr is vulnerable to Business Logic Errors
CVE-2017-17897 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2017-17898 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 5.0 MEDIUM 7.5 HIGH
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
CVE-2019-16686 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
CVE-2017-17899 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
CVE-2014-3991 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php.
CVE-2018-19993 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
CVE-2020-7996 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM 6.1 MEDIUM
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
CVE-2019-16685 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.