Vulnerabilities > Dolibarr

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-03	CVE-2018-19994	SQL Injection vulnerability in Dolibarr Erp/Crm 8.0.2 An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. network low complexity dolibarr CWE-89	8.8
2019-01-03	CVE-2018-19993	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 8.0.2 A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. network low complexity dolibarr CWE-79	6.1
2019-01-03	CVE-2018-19992	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 8.0.2 A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. network low complexity dolibarr CWE-79	5.4
2018-12-26	CVE-2018-19799	Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. network low complexity dolibarr CWE-79	6.1
2018-07-08	CVE-2018-13450	SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. network low complexity dolibarr CWE-89 critical	9.8
2018-07-08	CVE-2018-13449	SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. network low complexity dolibarr CWE-89 critical	9.8
2018-07-08	CVE-2018-13448	SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. network low complexity dolibarr CWE-89 critical	9.8
2018-07-08	CVE-2018-13447	SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. network low complexity dolibarr CWE-89 critical	9.8
2018-05-22	CVE-2018-9019	SQL Injection vulnerability in multiple products SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. network low complexity dolibarr oracle CWE-89 critical	9.8
2018-05-22	CVE-2018-10095	Cross-site Scripting vulnerability in Dolibarr Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. network low complexity dolibarr CWE-79	6.1

Vulnerabilities > Dolibarr {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dolibarr"}]}

Vulnerabilities > Dolibarr