Total
86 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19992 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. | |||||
| CVE-2017-9839 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). | |||||
| CVE-2018-13447 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | |||||
| CVE-2017-1000509 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. | |||||
| CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | |||||
| CVE-2018-13449 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. | |||||
| CVE-2017-18260 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter). | |||||
| CVE-2017-9838 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). | |||||
| CVE-2017-18259 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. | |||||
| CVE-2018-13450 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. | |||||
| CVE-2017-17897 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2017-17898 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2017-17900 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | |||||
| CVE-2017-17899 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | |||||
| CVE-2017-17971 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | |||||
| CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | |||||
| CVE-2017-8879 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
| Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | |||||
| CVE-2017-7887 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | |||||
| CVE-2017-7888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | |||||
| CVE-2014-3992 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. | |||||