Vulnerabilities > Dolibarr > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-08-17 | CVE-2021-25957 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dolibarr | In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. | network | low complexity | dolibarr | CWE-640 | 8.8 |
| 2020-12-23 | CVE-2020-35136 | Argument Injection or Modification vulnerability in Dolibarr Erp/Crm 12.0.3 | Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. | network | low complexity | dolibarr | CWE-88 | 7.2 |
| 2020-09-02 | CVE-2020-14209 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr | Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. | network | low complexity | dolibarr | CWE-434 | 8.8 |
| 2020-06-18 | CVE-2020-14443 | SQL Injection vulnerability in Dolibarr | A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | network | low complexity | dolibarr | CWE-89 | 8.8 |
| 2020-05-06 | CVE-2020-12669 | Improper Input Validation vulnerability in Dolibarr | core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. | network | low complexity | dolibarr | CWE-20 | 8.8 |
| 2020-04-16 | CVE-2020-11825 | Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 10.0.6 | In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. | network | low complexity | dolibarr | CWE-352 | 8.8 |
| 2020-03-16 | CVE-2019-19209 | SQL Injection vulnerability in Dolibarr | Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | network | low complexity | dolibarr | CWE-89 | 7.5 |
| 2019-08-14 | CVE-2019-15062 | Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 11.0.0 | An issue was discovered in Dolibarr 11.0.0-alpha. | network | low complexity | dolibarr | CWE-352 | 8.0 |
| 2019-07-29 | CVE-2019-11201 | Code Injection vulnerability in Dolibarr Erp/Crm 9.0.1 | Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. | network | low complexity | dolibarr | CWE-94 | 8.0 |
| 2019-07-29 | CVE-2019-11200 | Unspecified vulnerability in Dolibarr Erp/Crm 9.0.1 | Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. | network | low complexity | dolibarr | | 8.8 |