Vulnerabilities > Dolibarr

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-29	CVE-2023-30253	OS Command Injection vulnerability in Dolibarr Erp/Crm Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. network low complexity dolibarr CWE-78	8.8
2022-11-21	CVE-2022-4093	SQL Injection vulnerability in Dolibarr Erp/Crm 16.0.1/16.0.2 SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. network low complexity dolibarr CWE-89 critical	9.8
2022-11-17	CVE-2022-43138	Unspecified vulnerability in Dolibarr Erp/Crm Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. network low complexity dolibarr critical	9.8
2022-10-12	CVE-2022-40871	Code Injection vulnerability in Dolibarr Erp/Crm Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. network low complexity dolibarr CWE-94 critical	9.8
2022-06-13	CVE-2022-2060	Cross-site Scripting vulnerability in Dolibarr Erp/Crm Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. network low complexity dolibarr CWE-79	5.4
2022-06-08	CVE-2022-30875	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 12.0.5 Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. network low complexity dolibarr CWE-79	6.1
2022-03-31	CVE-2021-37517	Incorrect Authorization vulnerability in Dolibarr Erp/Crm 13.0.2 An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service. network low complexity dolibarr CWE-863	7.5
2022-03-31	CVE-2021-36625	SQL Injection vulnerability in Dolibarr Erp/Crm 13.0.2 An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. network low complexity dolibarr CWE-89	8.8
2022-03-02	CVE-2022-0819	Unspecified vulnerability in Dolibarr Erp/Crm Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. network low complexity dolibarr	8.8
2022-02-25	CVE-2022-0746	Unspecified vulnerability in Dolibarr Erp/Crm Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. network low complexity dolibarr	4.3

Vulnerabilities > Dolibarr {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dolibarr"}]}

Vulnerabilities > Dolibarr