High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-01	CVE-2023-4197	Injection vulnerability in Dolibarr Erp/Crm Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. network low complexity dolibarr CWE-74	8.8
2023-09-20	CVE-2023-38886	Unspecified vulnerability in Dolibarr Erp/Crm 8.0.2 An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. network low complexity dolibarr	7.2
2023-09-20	CVE-2023-38887	Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr Erp/Crm File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. network low complexity dolibarr CWE-434	8.8
2023-06-13	CVE-2023-33568	Files or Directories Accessible to External Parties vulnerability in Dolibarr Erp/Crm 16.0.0/16.0.1/16.0.2 An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. network low complexity dolibarr CWE-552	7.5
2023-05-29	CVE-2023-30253	OS Command Injection vulnerability in Dolibarr Erp/Crm Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. network low complexity dolibarr CWE-78	8.8
2022-03-02	CVE-2022-0819	Unspecified vulnerability in Dolibarr Erp/Crm Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. network low complexity dolibarr	8.8
2021-08-17	CVE-2021-25956	Unspecified vulnerability in Dolibarr In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. network low complexity dolibarr	7.2
2020-12-23	CVE-2020-35136	Argument Injection or Modification vulnerability in Dolibarr Erp/Crm 12.0.3 Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. network low complexity dolibarr CWE-88	7.2
2020-04-16	CVE-2020-11825	Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 10.0.6 In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. network low complexity dolibarr CWE-352	8.8
2019-08-14	CVE-2019-15062	Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 11.0.0 An issue was discovered in Dolibarr 11.0.0-alpha. network low complexity dolibarr CWE-352	8.0