Filtered by vendor: Dolibarr. Filtered by product: Dolibarr.
Total: 34 CVE (15 shown below).
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2018-10094 | Dolibarr | Dolibarr | 2024-08-05 | N/A | SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
CVE-2018-10095 | Dolibarr | Dolibarr | 2024-08-05 | N/A | Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
CVE-2018-10092 | Dolibarr | Dolibarr | 2024-08-05 | N/A | The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
CVE-2018-9019 | Dolibarr, Oracle | Dolibarr, Data Integrator | 2024-08-05 | 9.8 Critical | SQL injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.
CVE-2019-19210 | Dolibarr | Dolibarr | 2024-08-05 | 5.4 Medium | Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
CVE-2019-19212 | Dolibarr | Dolibarr | 2024-08-05 | 9.8 Critical | Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
CVE-2019-19209 | Dolibarr | Dolibarr | 2024-08-05 | 7.5 High | Dolibarr ERP/CRM before 10.0.3 allows SQL injection.
CVE-2019-19211 | Dolibarr | Dolibarr | 2024-08-05 | 6.1 Medium | Dolibarr ERP/CRM before 10.0.3 has an insufficient filtering issue that can lead to XSS in user/card.php.
CVE-2020-14443 | Dolibarr | Dolibarr | 2024-08-04 | 8.8 High | A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2020-14209 | Dolibarr | Dolibarr | 2024-08-04 | 8.8 High | Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
CVE-2020-14201 | Dolibarr | Dolibarr | 2024-08-04 | 6.5 Medium | Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php by changing "disabled" to "enabled" in the HTML source code.
CVE-2020-13094 | Dolibarr | Dolibarr | 2024-08-04 | 5.4 Medium | Dolibarr before 11.0.4 allows XSS.
CVE-2020-12669 | Dolibarr | Dolibarr | 2024-08-04 | 8.8 High | core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.
CVE-2021-42220 | Dolibarr | Dolibarr | 2024-08-04 | 5.4 Medium | A cross-site scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box.
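Several entries above (CVE-2018-9019 via the sortfield parameter, and the more general CVE-2019-19209 and CVE-2020-14443) are SQL injections through list-screen parameters. A sort column is the classic case where a prepared statement cannot help, because ORDER BY takes an identifier, not a bound value. The following is an added example, not Dolibarr code: it uses a constructed in-memory SQLite database with stand-in tables (the schema, column names and the `s3cret-hash` value are assumptions for illustration) to show the vulnerable splice, a boolean-based blind extraction that uses row order as the oracle, and the allow-list fix that closes it.

```python
import sqlite3


def make_db():
    """Constructed stand-in data; not the real Dolibarr schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounting_model (rowid INTEGER PRIMARY KEY, code TEXT, label TEXT)")
    conn.execute("CREATE TABLE user (rowid INTEGER PRIMARY KEY, login TEXT, pass_crypted TEXT)")
    # Insertion order, code order and label order are all different on purpose,
    # so that each ORDER BY outcome is distinguishable.
    conn.executemany(
        "INSERT INTO accounting_model (code, label) VALUES (?, ?)",
        [("SYSCOHADA", "Mid plan"), ("PCG99", "Zeta plan"), ("PCN", "Alpha plan")],
    )
    conn.execute("INSERT INTO user (login, pass_crypted) VALUES ('admin', 's3cret-hash')")
    return conn


def list_models_vulnerable(conn, sortfield, sortorder="ASC"):
    """Vulnerable pattern: the request's sortfield is spliced straight into the statement."""
    sql = f"SELECT code FROM accounting_model ORDER BY {sortfield} {sortorder}"
    return [row[0] for row in conn.execute(sql)]


ALLOWED_SORTFIELDS = {"rowid", "code", "label"}
ALLOWED_SORTORDERS = {"ASC", "DESC"}


def list_models_hardened(conn, sortfield, sortorder="ASC"):
    """Hardened: only identifiers from a fixed allow-list ever reach the query text."""
    if sortfield not in ALLOWED_SORTFIELDS:
        sortfield = "rowid"          # silently fall back; do not echo the bad value into SQL
    sortorder = sortorder.upper()
    if sortorder not in ALLOWED_SORTORDERS:
        sortorder = "ASC"
    sql = f"SELECT code FROM accounting_model ORDER BY {sortfield} {sortorder}"
    return [row[0] for row in conn.execute(sql)]


def blind_extract_char(list_fn, conn, position, alphabet="abcdefghijklmnopqrstuvwxyz0123456789-"):
    """Boolean-based blind extraction through ORDER BY.

    If the guessed character is right the rows come back sorted by code,
    otherwise sorted by label; the page order is the oracle. Returns None
    when no guess changes the order, i.e. when the injection does not work.
    """
    expected = sorted(list_fn(conn, "code"))
    for ch in alphabet:
        payload = (
            "(CASE WHEN (SELECT substr(pass_crypted, %d, 1) FROM user WHERE login='admin') = '%s' "
            "THEN code ELSE label END)" % (position, ch)
        )
        if list_fn(conn, payload) == expected:
            return ch
    return None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, first two chars:",
          blind_extract_char(list_models_vulnerable, db, 1),
          blind_extract_char(list_models_vulnerable, db, 2))
    print("hardened, first char:", blind_extract_char(list_models_hardened, db, 1))
```

The same allow-list approach applies to any parameter that selects a table, column or sort direction; mapping a request value to a server-side constant is the fix, and quoting or escaping is not, since the value is not a string literal in the first place.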
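CVE-2020-14209 and CVE-2019-19210 together describe how an upload "rename to .noexe" defence fails: extensions the filter never heard of (.pht, .phar), a .htaccess that re-enables execution of .noexe files, and renamed HTML that is still served as text/html. The check below is an added example and not Dolibarr's own upload code; the extension sets and the `.noexe` suffix convention are assumptions chosen to match the descriptions above. It rejects server-control files outright, looks at every extension segment rather than only the last one, and never serves a renamed or browser-rendered file inline.

```python
import mimetypes
import os

# Extensions a typical Apache + mod_php or php-fpm setup may execute (assumed list).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "php8", "phtml", "pht", "phar", "phps", "inc"}
# Files that let an uploader rewrite the web server's or PHP's own rules.
CONTROL_FILES = {".htaccess", ".htpasswd", ".user.ini", "web.config"}
# Types a browser renders inline; serving them from an upload directory is stored XSS.
BROWSER_RENDERED_EXTS = {"html", "htm", "xhtml", "shtml", "svg", "xml"}


def _basename(filename):
    # Normalise Windows separators too, so "..\\.htaccess" cannot sneak past basename().
    return os.path.basename(filename.replace("\\", "/")).strip()


def classify_upload(filename):
    """Return one of 'reject', 'rename', 'attachment-only', 'accept'."""
    base = _basename(filename).lower()
    if not base or base in CONTROL_FILES or base.startswith(".ht"):
        return "reject"
    # Every extension segment, not just the last: with Apache's AddHandler style
    # configuration "shell.php.jpg" can still be handed to the PHP interpreter.
    exts = base.split(".")[1:]
    if any(e in EXECUTABLE_EXTS for e in exts):
        return "rename"
    if any(e in BROWSER_RENDERED_EXTS for e in exts):
        return "attachment-only"
    return "accept"


def stored_name(filename):
    """Name under which the upload is written to disk; raises for rejected files."""
    verdict = classify_upload(filename)
    if verdict == "reject":
        raise ValueError("refusing upload of %r" % filename)
    base = _basename(filename)
    return base + ".noexe" if verdict == "rename" else base


def download_headers(stored):
    """Response headers for serving a stored upload.

    Anything renamed to .noexe, and any markup type, goes out as an opaque
    attachment so the browser never interprets it (the CVE-2019-19210 failure
    was serving such files as text/html).
    """
    lower = stored.lower()
    opaque = lower.endswith(".noexe") or any(e in BROWSER_RENDERED_EXTS for e in lower.split(".")[1:])
    safe_name = stored.replace('"', "")
    if opaque:
        return {
            "Content-Type": "application/octet-stream",
            "Content-Disposition": 'attachment; filename="%s"' % safe_name,
            "X-Content-Type-Options": "nosniff",
        }
    return {
        "Content-Type": mimetypes.guess_type(stored)[0] or "application/octet-stream",
        "Content-Disposition": 'inline; filename="%s"' % safe_name,
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    for name in ["invoice.pdf", "shell.pht", "shell.php.jpg", "note.html", ".htaccess"]:
        print(name, "->", classify_upload(name))
```

Two caveats belong with this check. A rename-based defence only holds if the upload directory is served with `AllowOverride None` (or an equivalent that makes an uploaded .htaccess inert) and the server has no handler for the suffix; otherwise the .htaccess bypass in CVE-2020-14209 applies regardless of what the filter does. And storing uploads outside the document root and streaming them through a download script, as in `download_headers`, removes the web server's handler logic from the picture entirely.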