Search CVE reports


1 – 10 of 123 results


CVE-2021-3991

Medium priority
Needs evaluation

An Improper Authorization vulnerability exists in Dolibarr versions prior to the ‘develop’ branch. A user with restricted permissions in the ‘Reception’ section is able to access specific reception details via direct URL access,...

1 affected package

dolibarr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dolibarr Not in release Not in release Not in release Needs evaluation

CVE-2024-40137

Medium priority
Needs evaluation

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.

1 affected package

dolibarr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dolibarr Not in release Not in release Not in release Needs evaluation

CVE-2024-37821

Medium priority
Not affected

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.

1 affected package

dolibarr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dolibarr Not in release Not in release Not in release Not affected

CVE-2024-34051

Medium priority
Needs evaluation

A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid...

1 affected package

dolibarr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dolibarr Not in release Not in release Not in release Needs evaluation

CVE-2024-5315

Medium priority
Needs evaluation

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information...

1 affected package

dolibarr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dolibarr Not in release Not in release Not in release Needs evaluation

CVE-2024-5314

Medium priority
Needs evaluation

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information...

1 affected package

dolibarr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dolibarr Not in release Not in release Not in release Needs evaluation

CVE-2024-31503

Medium priority
Needs evaluation

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users’ session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to...

1 affected package

dolibarr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dolibarr Not in release Not in release Not in release Needs evaluation

CVE-2024-29477

Medium priority
Needs evaluation

Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.

1 affected package

dolibarr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dolibarr Not in release Not in release Not in release Needs evaluation

CVE-2024-23817

Medium priority
Needs evaluation

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability...

1 affected package

dolibarr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dolibarr Not in release Not in release Not in release Not in release Needs evaluation

CVE-2023-4198

Medium priority
Needs evaluation

Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data

1 affected package

dolibarr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dolibarr Not in release Not in release Not in release Ignored Needs evaluation