Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Dolibarr Subscribe
Total 108 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17577 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field.
CVE-2012-1226 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH N/A
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
CVE-2014-3991 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php.
CVE-2021-33816 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
CVE-2017-17899 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
CVE-2020-7996 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM 6.1 MEDIUM
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
CVE-2017-17898 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 5.0 MEDIUM 7.5 HIGH
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
CVE-2019-17576 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field.
CVE-2017-17897 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2021-33618 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM 6.1 MEDIUM
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
CVE-2017-7887 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM 6.1 MEDIUM
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
CVE-2022-22293 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.
CVE-2020-13239 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.
CVE-2022-30875 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM 6.1 MEDIUM
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.
CVE-2018-19993 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
CVE-2020-35136 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 9.0 HIGH 7.2 HIGH
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
CVE-2019-16686 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
CVE-2019-16685 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
CVE-2018-19994 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 6.5 MEDIUM 8.8 HIGH
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
CVE-2013-2091 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.