Filtered by vendor Dolibarr
Subscriptions
Filtered by product Dolibarr Erp\/crm
Subscriptions
Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3991 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2024-11-19 | 4.3 Medium |
| An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions. | ||||
| CVE-2023-38886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-25 | 7.2 High |
| An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. | ||||
| CVE-2023-38888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-25 | 9.6 Critical |
| Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject. | ||||
| CVE-2023-38887 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-25 | 8.8 High |
| File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. | ||||
| CVE-2023-5323 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2024-09-20 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. | ||||
| CVE-2017-17971 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-17 | N/A |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | ||||
| CVE-2018-13449 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-17 | N/A |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. | ||||
| CVE-2021-25956 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2024-09-16 | 4.7 Medium |
| In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name. | ||||
| CVE-2012-1225 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-16 | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. | ||||
| CVE-2018-13447 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-16 | N/A |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | ||||
| CVE-2017-8879 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-16 | N/A |
| Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | ||||
| CVE-2018-13450 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-16 | N/A |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. | ||||
| CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-16 | N/A |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | ||||
| CVE-2023-5842 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. | ||||
| CVE-2023-4197 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-05 | 7.5 High |
| Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. | ||||
| CVE-2023-4198 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-09-05 | 6.5 Medium |
| Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data | ||||
| CVE-2011-4802 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-07 | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. | ||||
| CVE-2011-4814 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-07 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php. | ||||
| CVE-2011-4329 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-07 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php. | ||||
| CVE-2012-1226 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-06 | N/A |
| Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. | ||||