Vulnerabilities > Dolibarr

DATE CVE VULNERABILITY TITLE RISK
2017-09-11 CVE-2017-14238 SQL Injection vulnerability in Dolibarr 6.0.0
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.
network
low complexity
dolibarr CWE-89
7.5
7.5
2017-06-25 CVE-2017-9840 Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
network
low complexity
dolibarr CWE-434
6.5
6.5
2017-06-05 CVE-2017-9435 SQL Injection vulnerability in Dolibarr
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
network
low complexity
dolibarr CWE-89
7.5
7.5
2017-05-10 CVE-2017-8879 Improper Authentication vulnerability in Dolibarr Erp/Crm 4.0.4
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
low complexity
dolibarr CWE-287
6.8
6.8
2017-05-10 CVE-2017-7888 Inadequate Encryption Strength vulnerability in Dolibarr Erp/Crm 4.0.4
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
network
low complexity
dolibarr CWE-326
critical
 9.8
9.8
2017-05-10 CVE-2017-7887 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 4.0.4
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
network
low complexity
dolibarr CWE-79
6.1
6.1
2017-05-10 CVE-2017-7886 SQL Injection vulnerability in Dolibarr Erp/Crm 4.0.4
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2016-01-15 CVE-2016-1912 Cross-site Scripting vulnerability in Dolibarr
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php.
network
dolibarr CWE-79
3.5
3.5
2016-01-15 CVE-2015-8685 Cross-site Scripting vulnerability in Dolibarr
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
network
dolibarr CWE-79
4.3
4.3
2015-06-10 CVE-2015-3935 Cross-site Scripting vulnerability in Dolibarr 3.5.0/3.6.0
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.
network
dolibarr CWE-79
4.3
4.3