Search CVE reports
1 – 10 of 123 results
CVE-2021-3991
Medium priority
An Improper Authorization vulnerability exists in Dolibarr versions prior to the ‘develop’ branch. A user with restricted permissions in the ‘Reception’ section is able to access specific reception details via direct URL access,...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-40137
Medium priority
Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-37821
Medium priority
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | — | Not affected |
CVE-2024-34051
Medium priority
A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-5315
Medium priority
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-5314
Medium priority
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-31503
Medium priority
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users’ session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-29477
Medium priority
Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-23817
Medium priority
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
CVE-2023-4198
Medium priority
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Ignored | Needs evaluation |