Vulnerabilities > Dolibarr > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-38888 Cross-site Scripting vulnerability in Dolibarr Erp/Crm
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
network
low complexity
dolibarr CWE-79
critical
 9.6
9.6
2022-11-21 CVE-2022-4093 SQL Injection vulnerability in Dolibarr Erp/Crm 16.0.1/16.0.2
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2022-11-17 CVE-2022-43138 Unspecified vulnerability in Dolibarr Erp/Crm
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
network
low complexity
dolibarr
critical
 9.8
9.8
2022-10-12 CVE-2022-40871 Code Injection vulnerability in Dolibarr Erp/Crm
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection.
network
low complexity
dolibarr CWE-94
critical
 9.8
9.8
2022-01-14 CVE-2022-0224 SQL Injection vulnerability in Dolibarr Erp/Crm
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2021-11-10 CVE-2021-33816 Code Injection vulnerability in Dolibarr Erp/Crm 13.0.2
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
network
low complexity
dolibarr CWE-94
critical
 9.8
9.8
2021-08-15 CVE-2021-25955 Cross-site Scripting vulnerability in Dolibarr
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint.
network
low complexity
dolibarr CWE-79
critical
 9.0
9.0
2020-03-16 CVE-2019-19212 Cross-site Scripting vulnerability in Dolibarr
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
network
low complexity
dolibarr CWE-79
critical
 9.8
9.8
2020-01-26 CVE-2020-7995 Improper Restriction of Excessive Authentication Attempts vulnerability in Dolibarr Erp/Crm 10.0.6
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
network
low complexity
dolibarr CWE-307
critical
 9.8
9.8
2019-11-20 CVE-2013-2093 Improper Input Validation vulnerability in Dolibarr Erp/Crm 3.3.1
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
network
low complexity
dolibarr CWE-20
critical
 9.8
9.8