Filtered by vendor Dolibarr
Subscribe
Total
118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4802 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-02-02 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. | |||||
| CVE-2022-4093 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-23 | N/A | 9.8 CRITICAL |
| SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected | |||||
| CVE-2022-0746 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2022-0224 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | |||||
| CVE-2022-2060 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2022-0731 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2013-2093 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2020-35136 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 9.0 HIGH | 7.2 HIGH |
| Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php. | |||||
| CVE-2018-19992 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. | |||||
| CVE-2017-7888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | |||||
| CVE-2019-16688 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.) | |||||
| CVE-2017-17971 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | |||||
| CVE-2018-19993 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. | |||||
| CVE-2017-17897 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2017-8879 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.6 MEDIUM | 6.8 MEDIUM |
| Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | |||||
| CVE-2017-7887 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | |||||
| CVE-2021-33816 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. | |||||
| CVE-2019-17576 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field. | |||||
| CVE-2019-16197 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. | |||||
| CVE-2020-11823 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 3.5 LOW | 5.4 MEDIUM |
| In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account. | |||||