Vulnerabilities > Dolibarr > Dolibarr ERP CRM

DATE CVE VULNERABILITY TITLE RISK
2022-01-31 CVE-2022-0414 Improper Validation of Specified Quantity in Input vulnerability in Dolibarr Erp/Crm
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.
network
low complexity
dolibarr CWE-1284
4.3
2022-01-14 CVE-2022-0224 SQL Injection vulnerability in Dolibarr Erp/Crm
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
network
low complexity
dolibarr CWE-89
critical
9.8
2022-01-10 CVE-2022-0174 Improper Validation of Specified Quantity in Input vulnerability in Dolibarr Erp/Crm
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
network
low complexity
dolibarr CWE-1284
4.3
2022-01-02 CVE-2022-22293 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 7.0.2
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.
network
low complexity
dolibarr CWE-79
5.4
2021-11-10 CVE-2021-33618 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 13.0.2
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
network
low complexity
dolibarr CWE-79
6.1
2021-11-10 CVE-2021-33816 Code Injection vulnerability in Dolibarr Erp/Crm 13.0.2
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
network
low complexity
dolibarr CWE-94
critical
9.8
2021-08-17 CVE-2021-25956 Unspecified vulnerability in Dolibarr
In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”.
network
low complexity
dolibarr
7.2
2020-12-23 CVE-2020-35136 Argument Injection or Modification vulnerability in Dolibarr Erp/Crm 12.0.3
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution.
network
low complexity
dolibarr CWE-88
7.2
2020-08-31 CVE-2020-13828 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
network
low complexity
dolibarr CWE-79
5.4
2020-06-19 CVE-2020-14475 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).
network
low complexity
dolibarr CWE-79
6.1