Vulnerabilities > Dolibarr > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-22 CVE-2018-10094 SQL Injection vulnerability in Dolibarr
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
network
low complexity
dolibarr CWE-89
7.5
7.5
2017-12-27 CVE-2017-17898 Information Exposure vulnerability in Dolibarr Erp/Crm 6.0.4
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
network
low complexity
dolibarr CWE-200
7.5
7.5
2017-09-11 CVE-2017-14242 SQL Injection vulnerability in Dolibarr 6.0.0
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
network
low complexity
dolibarr CWE-89
7.5
7.5
2017-09-11 CVE-2017-14238 SQL Injection vulnerability in Dolibarr 6.0.0
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.
network
low complexity
dolibarr CWE-89
7.5
7.5
2017-06-05 CVE-2017-9435 SQL Injection vulnerability in Dolibarr
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
network
low complexity
dolibarr CWE-89
7.5
7.5