Vulnerabilities > Dolibarr

DATE | CVE | VULNERABILITY TITLE | RISK

2021-08-09 | CVE-2021-25954 | Incorrect Authorization vulnerability in Dolibarr | 4.3
Dolibarr versions 2.8.1 to 13.0.4 do not restrict, or incorrectly restrict, access to a resource from an unauthorized actor.
network, low complexity, dolibarr, CWE-863

2020-12-23 | CVE-2020-35136 | Argument Injection or Modification vulnerability in Dolibarr Erp/Crm 12.0.3 | 7.2
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution.
network, low complexity, dolibarr, CWE-88

2020-09-02 | CVE-2020-14209 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr | 6.5
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution.
network, low complexity, dolibarr, CWE-434

2020-08-31 | CVE-2020-13828 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4 | 5.4
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
network, low complexity, dolibarr, CWE-79

2020-08-21 | CVE-2020-14201 | Improper Privilege Management vulnerability in Dolibarr | 4.0
Dolibarr CRM before 11.0.5 allows privilege escalation.
network, low complexity, dolibarr, CWE-269

2020-06-19 | CVE-2020-14475 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3 | 6.1
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).
network, low complexity, dolibarr, CWE-79

2020-06-18 | CVE-2020-14443 | SQL Injection vulnerability in Dolibarr | 6.5
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
network, low complexity, dolibarr, CWE-89

2020-05-20 | CVE-2020-13240 | Incorrect Default Permissions vulnerability in Dolibarr Erp/Crm 11.0.4 | 5.4
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions.
network, low complexity, dolibarr, CWE-276

2020-05-20 | CVE-2020-13239 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4 | 5.4
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link.
network, low complexity, dolibarr, CWE-79

2020-05-18 | CVE-2020-13094 | Cross-site Scripting vulnerability in Dolibarr | 3.5
Dolibarr before 11.0.4 allows XSS.
network, dolibarr, CWE-79