Vulnerabilities > Dolibarr > Dolibarr ERP CRM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-27 | CVE-2017-17898 | Information Exposure vulnerability in Dolibarr Erp/Crm 6.0.4 Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2017-12-27 | CVE-2017-17897 | SQL Injection vulnerability in Dolibarr Erp/Crm 6.0.4 SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 9.8 |
| 2017-05-10 | CVE-2017-8879 | Improper Authentication vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | 6.8 |
| 2017-05-10 | CVE-2017-7888 | Inadequate Encryption Strength vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | 9.8 |
| 2017-05-10 | CVE-2017-7887 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | 6.1 |
| 2017-05-10 | CVE-2017-7886 | SQL Injection vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | 9.8 |