Vulnerabilities > Dolibarr > Dolibarr ERP CRM > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-16 CVE-2020-11825 Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 10.0.6
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks.
network
low complexity
dolibarr CWE-352
8.8
8.8
2019-08-14 CVE-2019-15062 Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 11.0.0
An issue was discovered in Dolibarr 11.0.0-alpha.
network
low complexity
dolibarr CWE-352
8.0
8.0
2019-07-29 CVE-2019-11201 Code Injection vulnerability in Dolibarr Erp/Crm 9.0.1
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor.
network
low complexity
dolibarr CWE-94
8.0
8.0
2019-07-29 CVE-2019-11200 Unspecified vulnerability in Dolibarr Erp/Crm 9.0.1
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file.
network
low complexity
dolibarr
8.8
8.8
2019-07-18 CVE-2019-1010054 Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 7.0.0
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF).
network
low complexity
dolibarr CWE-352
8.8
8.8
2019-01-03 CVE-2018-19998 SQL Injection vulnerability in Dolibarr Erp/Crm 8.0.2
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
network
low complexity
dolibarr CWE-89
8.8
8.8
2019-01-03 CVE-2018-19994 SQL Injection vulnerability in Dolibarr Erp/Crm 8.0.2
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
network
low complexity
dolibarr CWE-89
8.8
8.8
2018-04-11 CVE-2017-9839 SQL Injection vulnerability in Dolibarr Erp/Crm
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
network
low complexity
dolibarr CWE-89
8.8
8.8
2018-04-11 CVE-2017-18260 SQL Injection vulnerability in Dolibarr Erp/Crm
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
network
low complexity
dolibarr CWE-89
8.8
8.8
2017-12-27 CVE-2017-17898 Information Exposure vulnerability in Dolibarr Erp/Crm 6.0.4
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
network
low complexity
dolibarr CWE-200
7.5
7.5