Vulnerabilities > Dolibarr > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-01 | CVE-2023-4197 | Injection vulnerability in Dolibarr Erp/Crm Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. | 8.8 |
| 2023-09-20 | CVE-2023-38886 | Unspecified vulnerability in Dolibarr Erp/Crm An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. | 7.2 |
| 2023-09-20 | CVE-2023-38887 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr Erp/Crm File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. | 8.8 |
| 2023-06-13 | CVE-2023-33568 | Files or Directories Accessible to External Parties vulnerability in Dolibarr Erp/Crm An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. | 7.5 |
| 2023-05-29 | CVE-2023-30253 | OS Command Injection vulnerability in Dolibarr Erp/Crm Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. | 8.8 |
| 2022-03-31 | CVE-2021-37517 | Incorrect Authorization vulnerability in Dolibarr Erp/Crm 13.0.2 An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service. | 7.5 |
| 2022-03-31 | CVE-2021-36625 | SQL Injection vulnerability in Dolibarr Erp/Crm 13.0.2 An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. | 8.8 |
| 2022-03-02 | CVE-2022-0819 | Unspecified vulnerability in Dolibarr Erp/Crm Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | 8.8 |
| 2021-08-17 | CVE-2021-25956 | Unspecified vulnerability in Dolibarr In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. | 7.2 |
| 2021-08-17 | CVE-2021-25957 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dolibarr In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. | 8.8 |