Vulnerabilities > Dolibarr

DATE	CVE	VULNERABILITY TITLE	RISK
2024-11-15	CVE-2021-3991	Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. network low complexity dolibarr CWE-639	4.3
2024-01-25	CVE-2024-23817	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 18.0.4 Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. network low complexity dolibarr CWE-79	6.1
2023-11-01	CVE-2023-4198	Missing Authorization vulnerability in Dolibarr Erp/Crm Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data network low complexity dolibarr CWE-862	6.5
2023-11-01	CVE-2023-4197	Injection vulnerability in Dolibarr Erp/Crm Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. network low complexity dolibarr CWE-74	8.8
2023-10-30	CVE-2023-5842	Cross-site Scripting vulnerability in Dolibarr Erp/Crm Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. network low complexity dolibarr CWE-79	4.8
2023-10-01	CVE-2023-5323	Cross-site Scripting vulnerability in Dolibarr Erp/Crm Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. network low complexity dolibarr CWE-79	6.1
2023-09-20	CVE-2023-38886	Unspecified vulnerability in Dolibarr Erp/Crm 8.0.2 An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. network low complexity dolibarr	7.2
2023-09-20	CVE-2023-38887	Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr Erp/Crm File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. network low complexity dolibarr CWE-434	8.8
2023-09-20	CVE-2023-38888	Cross-site Scripting vulnerability in Dolibarr Erp/Crm Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject. network low complexity dolibarr CWE-79 critical	9.6
2023-06-13	CVE-2023-33568	Files or Directories Accessible to External Parties vulnerability in Dolibarr Erp/Crm 16.0.0/16.0.1/16.0.2 An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. network low complexity dolibarr CWE-552	7.5

Vulnerabilities > Dolibarr {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dolibarr"}]}

Vulnerabilities > Dolibarr