Filtered by vendor Dolibarr
Subscriptions
Filtered by product Dolibarr Erp\/crm
Subscriptions
Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17971 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-17 | N/A |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | ||||
| CVE-2018-13449 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-17 | N/A |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. | ||||
| CVE-2021-25956 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2024-09-16 | 4.7 Medium |
| In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name. | ||||
| CVE-2012-1225 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-16 | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. | ||||
| CVE-2018-13447 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-16 | N/A |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | ||||
| CVE-2017-8879 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-16 | N/A |
| Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | ||||
| CVE-2018-13450 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-16 | N/A |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. | ||||
| CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-16 | N/A |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | ||||
| CVE-2023-5842 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. | ||||
| CVE-2023-4197 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-05 | 7.5 High |
| Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. | ||||
| CVE-2023-4198 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-05 | 6.5 Medium |
| Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data | ||||
| CVE-2011-4802 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-07 | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. | ||||
| CVE-2011-4814 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-07 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php. | ||||
| CVE-2011-4329 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-07 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php. | ||||
| CVE-2012-1226 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-06 | N/A |
| Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. | ||||
| CVE-2013-2092 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-06 | 6.1 Medium |
| Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. | ||||
| CVE-2013-2093 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-06 | 9.8 Critical |
| Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. | ||||
| CVE-2013-2091 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-06 | 9.8 Critical |
| SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. | ||||
| CVE-2014-3991 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php. | ||||
| CVE-2014-3992 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-06 | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. | ||||