Vulnerabilities > Dolibarr > Dolibarr ERP CRM > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-38888 Cross-site Scripting vulnerability in Dolibarr Erp/Crm
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
network
low complexity
dolibarr CWE-79
critical
 9.6
9.6
2022-11-21 CVE-2022-4093 SQL Injection vulnerability in Dolibarr Erp/Crm 16.0.1/16.0.2
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2022-11-17 CVE-2022-43138 Unspecified vulnerability in Dolibarr Erp/Crm
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
network
low complexity
dolibarr
critical
 9.8
9.8
2022-10-12 CVE-2022-40871 Code Injection vulnerability in Dolibarr Erp/Crm
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection.
network
low complexity
dolibarr CWE-94
critical
 9.8
9.8
2022-01-14 CVE-2022-0224 SQL Injection vulnerability in Dolibarr Erp/Crm
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2021-11-10 CVE-2021-33816 Code Injection vulnerability in Dolibarr Erp/Crm 13.0.2
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
network
low complexity
dolibarr CWE-94
critical
 9.8
9.8
2020-01-26 CVE-2020-7995 Improper Restriction of Excessive Authentication Attempts vulnerability in Dolibarr Erp/Crm 10.0.6
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
network
low complexity
dolibarr CWE-307
critical
 9.8
9.8
2019-11-20 CVE-2013-2093 Improper Input Validation vulnerability in Dolibarr Erp/Crm 3.3.1
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
network
low complexity
dolibarr CWE-20
critical
 9.8
9.8
2019-11-20 CVE-2013-2091 SQL Injection vulnerability in Dolibarr Erp/Crm 3.3.1
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2018-07-08 CVE-2018-13447 SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8