Filtered by vendor Dolibarr
Subscriptions
Total
120 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-9838 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). | ||||
CVE-2017-9839 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). | ||||
CVE-2017-9840 | 1 Dolibarr | 1 Dolibarr | 2024-08-05 | N/A |
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. | ||||
CVE-2017-7887 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | ||||
CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | ||||
CVE-2017-7888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | ||||
CVE-2018-19992 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. | ||||
CVE-2018-19998 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. | ||||
CVE-2018-19994 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. | ||||
CVE-2018-19993 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. | ||||
CVE-2018-19995 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. | ||||
CVE-2018-19799 | 1 Dolibarr | 1 Dolibarr | 2024-08-05 | N/A |
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | ||||
CVE-2018-16809 | 1 Dolibarr | 1 Dolibarr | 2024-08-05 | N/A |
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. | ||||
CVE-2018-16808 | 1 Dolibarr | 1 Dolibarr | 2024-08-05 | N/A |
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. | ||||
CVE-2018-10094 | 1 Dolibarr | 1 Dolibarr | 2024-08-05 | N/A |
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. | ||||
CVE-2018-10095 | 1 Dolibarr | 1 Dolibarr | 2024-08-05 | N/A |
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. | ||||
CVE-2018-10092 | 1 Dolibarr | 1 Dolibarr | 2024-08-05 | N/A |
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. | ||||
CVE-2018-9019 | 2 Dolibarr, Oracle | 2 Dolibarr, Data Integrator | 2024-08-05 | 9.8 Critical |
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. | ||||
CVE-2019-1010016 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker. | ||||
CVE-2019-1010054 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls. |