Filtered by vendor Dolibarr
Subscriptions
Filtered by product Dolibarr
Subscriptions
Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14201 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 6.5 Medium |
| Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code. | ||||
| CVE-2020-13094 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 5.4 Medium |
| Dolibarr before 11.0.4 allows XSS. | ||||
| CVE-2020-12669 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 8.8 High |
| core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. | ||||
| CVE-2019-19212 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 9.8 Critical |
| Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). | ||||
| CVE-2019-19211 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 6.1 Medium |
| Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. | ||||
| CVE-2019-19210 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 5.4 Medium |
| Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. | ||||
| CVE-2019-19209 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 7.5 High |
| Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | ||||
| CVE-2018-9019 | 2 Dolibarr, Oracle | 2 Dolibarr, Data Integrator | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. | ||||
| CVE-2018-19799 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
| Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | ||||
| CVE-2018-16809 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
| An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. | ||||
| CVE-2018-16808 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
| An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. | ||||
| CVE-2018-10095 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. | ||||
| CVE-2018-10094 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
| SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. | ||||
| CVE-2018-10092 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
| The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. | ||||
| CVE-2021-3991 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2024-11-19 | 4.3 Medium |
| An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions. | ||||