Filtered by vendor Dolibarr
Subscriptions
Total
118 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4802 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-02-02 | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. | ||||
| CVE-2022-4093 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-23 | 9.8 Critical |
| SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected | ||||
| CVE-2022-0746 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.3 Medium |
| Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
| CVE-2022-0224 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 9.8 Critical |
| dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | ||||
| CVE-2022-2060 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
| CVE-2022-0731 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 6.5 Medium |
| Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
| CVE-2017-7888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
| Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | ||||
| CVE-2017-1000509 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
| Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. | ||||
| CVE-2017-7887 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
| Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | ||||
| CVE-2017-8879 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
| Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | ||||
| CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
| Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | ||||
| CVE-2013-2092 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 6.1 Medium |
| Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. | ||||
| CVE-2019-16685 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 5.4 Medium |
| Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation. | ||||
| CVE-2018-19994 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
| An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. | ||||
| CVE-2013-2091 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 9.8 Critical |
| SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. | ||||
| CVE-2018-19995 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
| A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. | ||||
| CVE-2017-17971 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | ||||
| CVE-2017-17900 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
| SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | ||||
| CVE-2019-17577 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 5.4 Medium |
| An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field. | ||||
| CVE-2017-17899 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
| SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | ||||