Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Dolibarr Subscribe
Filtered by product Dolibarr Erp\/crm
Total 93 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-13450 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
CVE-2018-13449 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.
CVE-2018-13448 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
CVE-2018-13447 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
CVE-2017-9839 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 6.5 MEDIUM 8.8 HIGH
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
CVE-2017-9838 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 3.5 LOW 5.4 MEDIUM
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters).
CVE-2017-18260 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 6.5 MEDIUM 8.8 HIGH
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
CVE-2017-18259 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 3.5 LOW 5.4 MEDIUM
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
CVE-2017-1000509 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 3.5 LOW 5.4 MEDIUM
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
CVE-2013-2093 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 10.0 HIGH 9.8 CRITICAL
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
CVE-2013-2092 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php.
CVE-2013-2091 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
CVE-2021-3991 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-19 N/A 4.3 MEDIUM
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.