Vulnerabilities > Dolibarr > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-01-26 CVE-2020-7995 Improper Restriction of Excessive Authentication Attempts vulnerability in Dolibarr Erp/Crm 10.0.6
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
network
low complexity
dolibarr CWE-307
critical
 9.8
9.8
2019-11-20 CVE-2013-2093 Improper Input Validation vulnerability in Dolibarr Erp/Crm 3.3.1
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
network
low complexity
dolibarr CWE-20
critical
 9.8
9.8
2019-11-20 CVE-2013-2091 SQL Injection vulnerability in Dolibarr Erp/Crm 3.3.1
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2019-03-07 CVE-2018-16809 SQL Injection vulnerability in Dolibarr
An issue was discovered in Dolibarr through 7.0.0.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2018-07-08 CVE-2018-13450 SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2018-07-08 CVE-2018-13449 SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2018-07-08 CVE-2018-13448 SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2018-07-08 CVE-2018-13447 SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2018-05-22 CVE-2018-9019 SQL Injection vulnerability in multiple products
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.
network
low complexity
dolibarr oracle CWE-89
critical
 9.8
9.8
2018-05-22 CVE-2018-10094 SQL Injection vulnerability in Dolibarr
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8