| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2019-01-03 | CVE-2018-19998 | SQL Injection vulnerability in Dolibarr ERP/CRM 8.0.2 | SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. | network | low complexity | dolibarr CWE-89 | 8.8 |
| 2019-01-03 | CVE-2018-19994 | SQL Injection vulnerability in Dolibarr ERP/CRM 8.0.2 | An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. | network | low complexity | dolibarr CWE-89 | 8.8 |
| 2018-05-22 | CVE-2018-10092 | Missing Authorization vulnerability in Dolibarr | The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. | network | low complexity | dolibarr CWE-862 | 8.0 |
| 2018-04-11 | CVE-2017-9839 | SQL Injection vulnerability in Dolibarr ERP/CRM | Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). | network | low complexity | dolibarr CWE-89 | 8.8 |
| 2018-04-11 | CVE-2017-18260 | SQL Injection vulnerability in Dolibarr ERP/CRM | Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter). | network | low complexity | dolibarr CWE-89 | 8.8 |
| 2017-12-27 | CVE-2017-17898 | Information Exposure vulnerability in Dolibarr ERP/CRM 6.0.4 | Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | network | low complexity | dolibarr CWE-200 | 7.5 |
| 2017-09-11 | CVE-2017-14240 | Information Exposure vulnerability in Dolibarr 6.0.0 | There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. | network | low complexity | dolibarr CWE-200 | 7.5 |
| 2017-06-25 | CVE-2017-9840 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr | Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. | network | low complexity | dolibarr CWE-434 | 8.8 |