Vulnerabilities > Dolibarr > Dolibarr ERP CRM > 16.0.1

Date: 2023-05-29
CVE: CVE-2023-30253
Vulnerability title: OS Command Injection vulnerability in Dolibarr Erp/Crm
Description: Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
Attack vector: network, low complexity
Vendor: dolibarr
Weakness: CWE-78
Risk: 8.8

Date: 2022-11-21
CVE: CVE-2022-4093
Vulnerability title: SQL Injection vulnerability in Dolibarr Erp/Crm 16.0.1/16.0.2
Description: SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information.
Attack vector: network, low complexity
Vendor: dolibarr
Weakness: CWE-89
Risk: critical, 9.8