Vulnerabilities > Dolibarr > Dolibarr ERP CRM > 16.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-29 | CVE-2023-30253 | OS Command Injection vulnerability in Dolibarr ERP/CRM. Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. | 8.8 |
2022-11-21 | CVE-2022-4093 | SQL Injection vulnerability in Dolibarr ERP/CRM 16.0.1/16.0.2. SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. | 9.8 |