Vulnerabilities > Dolibarr

DATE CVE VULNERABILITY TITLE RISK
2022-02-23 CVE-2022-0731 Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
network
low complexity
dolibarr CWE-639
6.5
2022-01-31 CVE-2022-0414 Unspecified vulnerability in Dolibarr Erp/Crm
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.
network
low complexity
dolibarr
4.3
2022-01-14 CVE-2022-0224 SQL Injection vulnerability in Dolibarr Erp/Crm
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
network
low complexity
dolibarr CWE-89
critical
9.8
2022-01-10 CVE-2022-0174 Unspecified vulnerability in Dolibarr Erp/Crm
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
network
low complexity
dolibarr
4.3
2022-01-02 CVE-2022-22293 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 7.0.2
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.
network
low complexity
dolibarr CWE-79
5.4
2021-12-15 CVE-2021-42220 Cross-site Scripting vulnerability in Dolibarr
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow.
network
low complexity
dolibarr CWE-79
5.4
2021-11-10 CVE-2021-33618 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 13.0.2
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
network
low complexity
dolibarr CWE-79
6.1
2021-11-10 CVE-2021-33816 Code Injection vulnerability in Dolibarr Erp/Crm 13.0.2
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
network
low complexity
dolibarr CWE-94
critical
9.8
2021-08-17 CVE-2021-25956 Unspecified vulnerability in Dolibarr
In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”.
network
low complexity
dolibarr
7.2
2021-08-17 CVE-2021-25957 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dolibarr
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality.
network
low complexity
dolibarr CWE-640
8.8