Filtered by vendor Dolibarr
Subscriptions
Filtered by product Dolibarr Erp\/crm
Subscriptions
Total
87 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-17899 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | ||||
CVE-2017-17900 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | ||||
CVE-2017-17971 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | ||||
CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | ||||
CVE-2017-7887 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | ||||
CVE-2017-7888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | ||||
CVE-2017-8879 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | ||||
CVE-2018-13447 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | ||||
CVE-2018-19992 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. | ||||
CVE-2018-19993 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. | ||||
CVE-2018-19994 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. | ||||
CVE-2018-19995 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. | ||||
CVE-2018-19998 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. | ||||
CVE-2019-1010016 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker. | ||||
CVE-2019-1010054 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | N/A |
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls. | ||||
CVE-2018-13450 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-10-03 | N/A |
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. | ||||
CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-10-03 | N/A |
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | ||||
CVE-2018-13449 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-10-03 | N/A |
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. | ||||
CVE-2021-37517 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-04-11 | 7.5 High |
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service. | ||||
CVE-2021-36625 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-04-11 | 8.8 High |
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. |