Vulnerabilities > Dolibarr > Dolibarr ERP CRM

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-38888 Cross-site Scripting vulnerability in Dolibarr Erp/Crm
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
network
low complexity
dolibarr CWE-79
critical
 9.6
9.6
2023-06-13 CVE-2023-33568 Files or Directories Accessible to External Parties vulnerability in Dolibarr Erp/Crm
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
network
low complexity
dolibarr CWE-552
7.5
7.5
2023-05-29 CVE-2023-30253 OS Command Injection vulnerability in Dolibarr Erp/Crm
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
network
low complexity
dolibarr CWE-78
8.8
8.8
2022-11-21 CVE-2022-4093 SQL Injection vulnerability in Dolibarr Erp/Crm 16.0.1/16.0.2
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2022-11-17 CVE-2022-43138 Unspecified vulnerability in Dolibarr Erp/Crm
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
network
low complexity
dolibarr
critical
 9.8
9.8
2022-10-12 CVE-2022-40871 Code Injection vulnerability in Dolibarr Erp/Crm
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection.
network
low complexity
dolibarr CWE-94
critical
 9.8
9.8
2022-06-13 CVE-2022-2060 Cross-site Scripting vulnerability in Dolibarr Erp/Crm
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
network
low complexity
dolibarr CWE-79
5.4
5.4
2022-06-08 CVE-2022-30875 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 12.0.5
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.
network
low complexity
dolibarr CWE-79
6.1
6.1
2022-03-31 CVE-2021-37517 Incorrect Authorization vulnerability in Dolibarr Erp/Crm 13.0.2
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service.
network
low complexity
dolibarr CWE-863
7.5
7.5
2022-03-31 CVE-2021-36625 SQL Injection vulnerability in Dolibarr Erp/Crm 13.0.2
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
network
low complexity
dolibarr CWE-89
8.8
8.8