Search CVE reports
81 – 90 of 121 results
CVE-2018-19994
Medium priority
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-19993
Low priority
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-19992
Low priority
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-19799
Low priority
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-13450
Medium priority
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-13449
Medium priority
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-13448
Medium priority
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-13447
Medium priority
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-9019
Medium priority
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-10095
Medium priority
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |