Vulnerabilities (CVE)

8 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-11199 1 Dolibarr 1 Dolibarr Erp/crm 2019-08-05 3.5
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same...
CVE-2019-11200 1 Dolibarr 1 Dolibarr Erp/crm 2019-08-05 6.5
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary...
CVE-2019-11201 1 Dolibarr 1 Dolibarr Erp/crm 2019-08-05 8.5
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host...
CVE-2018-13449 1 Dolibarr 1 Dolibarr Erp/crm 2018-09-05 7.5
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.
CVE-2018-13450 1 Dolibarr 1 Dolibarr Erp/crm 2018-09-05 7.5
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
CVE-2018-13448 1 Dolibarr 1 Dolibarr Erp/crm 2018-08-10 7.5
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
CVE-2017-18259 1 Dolibarr 1 Dolibarr Erp/crm 2018-05-16 3.5
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
CVE-2017-18260 1 Dolibarr 1 Dolibarr Erp/crm 2018-05-16 6.5
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).