Filtered by vendor Dolibarr
Subscriptions
Filtered by product Dolibarr Erp\/crm
Subscriptions
Total
87 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-4802 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-02-02 | N/A |
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. | ||||
CVE-2022-4093 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-23 | 9.8 Critical |
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected | ||||
CVE-2022-0746 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.3 Medium |
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
CVE-2022-0224 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 9.8 Critical |
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | ||||
CVE-2022-2060 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 5.4 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
CVE-2022-0731 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 6.5 Medium |
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
CVE-2018-19993 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. | ||||
CVE-2017-17900 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | ||||
CVE-2018-19992 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. | ||||
CVE-2018-19994 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. | ||||
CVE-2017-17899 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | ||||
CVE-2013-2092 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 6.1 Medium |
Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. | ||||
CVE-2019-17578 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 5.4 Medium |
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field. | ||||
CVE-2013-2091 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 9.8 Critical |
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. | ||||
CVE-2017-17898 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | ||||
CVE-2019-16687 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 5.4 Medium |
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation. | ||||
CVE-2018-13447 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | ||||
CVE-2017-17897 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
CVE-2019-17577 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 5.4 Medium |
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field. | ||||
CVE-2017-1000509 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. |