Vulnerabilities > Dolibarr

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-12-23 | CVE-2020-35136 | Command Injection vulnerability in Dolibarr 12.0.3 | Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. | network; low complexity; dolibarr CWE-77; critical; 9.0 |
| 2020-09-02 | CVE-2020-14209 | Unrestricted Upload of File With Dangerous Type vulnerability in Dolibarr | Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. | network; low complexity; dolibarr CWE-434; 6.5 |
| 2020-08-31 | CVE-2020-13828 | Cross-Site Scripting vulnerability in Dolibarr 11.0.4 | Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. | network; dolibarr CWE-79; 3.5 |
| 2020-08-21 | CVE-2020-14201 | Improper Privilege Management vulnerability in Dolibarr | Dolibarr CRM before 11.0.5 allows privilege escalation. | network; low complexity; dolibarr CWE-269; 4.0 |
| 2020-06-19 | CVE-2020-14475 | Cross-Site Scripting vulnerability in Dolibarr 11.0.3 | A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). | network; dolibarr CWE-79; 4.3 |
| 2020-06-18 | CVE-2020-14443 | SQL Injection vulnerability in Dolibarr | A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | network; low complexity; dolibarr CWE-89; 6.5 |
| 2020-05-20 | CVE-2020-13240 | Incorrect Default Permissions vulnerability in Dolibarr 11.0.4 | The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. | network; low complexity; dolibarr CWE-276; 5.5 |
| 2020-05-20 | CVE-2020-13239 | Cross-Site Scripting vulnerability in Dolibarr 11.0.4 | The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. | network; dolibarr CWE-79; 3.5 |
| 2020-05-18 | CVE-2020-13094 | Cross-Site Scripting vulnerability in Dolibarr | Dolibarr before 11.0.4 allows XSS. | network; dolibarr CWE-79; 3.5 |
| 2020-05-06 | CVE-2020-12669 | Incorrect Authorization vulnerability in Dolibarr | core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. | network; low complexity; dolibarr CWE-863; 6.5 |