Vulnerabilities > Dolibarr > Dolibarr ERP CRM > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Tags | Risk | Score |
|---|---|---|---|---|---|---|---|---|
| 2020-01-26 | CVE-2020-7995 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dolibarr ERP/CRM 10.0.6 | The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. | network | low complexity | dolibarr CWE-307 | critical | 9.8 |
| 2019-11-20 | CVE-2013-2093 | Improper Input Validation vulnerability in Dolibarr ERP/CRM 3.3.1 | Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. | network | low complexity | dolibarr CWE-20 | critical | 9.8 |
| 2019-11-20 | CVE-2013-2091 | SQL Injection vulnerability in Dolibarr ERP/CRM 3.3.1 | SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. | network | low complexity | dolibarr CWE-89 | critical | 9.8 |
| 2018-07-08 | CVE-2018-13447 | SQL Injection vulnerability in Dolibarr ERP/CRM 7.0.3 | SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | network | low complexity | dolibarr CWE-89 | critical | 9.8 |
| 2018-07-08 | CVE-2018-13448 | SQL Injection vulnerability in Dolibarr ERP/CRM 7.0.3 | SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | network | low complexity | dolibarr CWE-89 | critical | 9.8 |
| 2018-07-08 | CVE-2018-13449 | SQL Injection vulnerability in Dolibarr ERP/CRM 7.0.3 | SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. | network | low complexity | dolibarr CWE-89 | critical | 9.8 |
| 2018-07-08 | CVE-2018-13450 | SQL Injection vulnerability in Dolibarr ERP/CRM 7.0.3 | SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. | network | low complexity | dolibarr CWE-89 | critical | 9.8 |
| 2017-12-27 | CVE-2017-17897 | SQL Injection vulnerability in Dolibarr ERP/CRM 6.0.4 | SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | network | low complexity | dolibarr CWE-89 | critical | 9.8 |
| 2017-12-27 | CVE-2017-17899 | SQL Injection vulnerability in Dolibarr ERP/CRM 6.0.4 | SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | network | low complexity | dolibarr CWE-89 | critical | 9.8 |
| 2017-12-27 | CVE-2017-17900 | SQL Injection vulnerability in Dolibarr ERP/CRM 6.0.4 | SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | network | low complexity | dolibarr CWE-89 | critical | 9.8 |