Vulnerabilities > Dolibarr > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-23 | CVE-2020-35136 | Argument Injection or Modification vulnerability in Dolibarr Erp/Crm 12.0.3. Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. | network; low complexity; dolibarr CWE-88; 7.2 |
| 2020-09-02 | CVE-2020-14209 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr. Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. | network; low complexity; dolibarr CWE-434; 8.8 |
| 2020-06-18 | CVE-2020-14443 | SQL Injection vulnerability in Dolibarr. A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | network; low complexity; dolibarr CWE-89; 8.8 |
| 2020-05-06 | CVE-2020-12669 | Improper Input Validation vulnerability in Dolibarr. core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. | network; low complexity; dolibarr CWE-20; 8.8 |
| 2020-04-16 | CVE-2020-11825 | Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 10.0.6. In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. | network; low complexity; dolibarr CWE-352; 8.8 |
| 2020-03-16 | CVE-2019-19209 | SQL Injection vulnerability in Dolibarr. Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | network; low complexity; dolibarr CWE-89; 7.5 |
| 2019-08-14 | CVE-2019-15062 | Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 11.0.0. An issue was discovered in Dolibarr 11.0.0-alpha. | network; low complexity; dolibarr CWE-352; 8.0 |
| 2019-07-29 | CVE-2019-11201 | Code Injection vulnerability in Dolibarr Erp/Crm 9.0.1. Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. | network; low complexity; dolibarr CWE-94; 8.0 |
| 2019-07-29 | CVE-2019-11200 | Unspecified vulnerability in Dolibarr Erp/Crm 9.0.1. Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. | network; low complexity; dolibarr; 8.8 |
| 2019-07-18 | CVE-2019-1010054 | Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 7.0.0. Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). | network; low complexity; dolibarr CWE-352; 8.8 |