Filtered by vendor Dolibarr
Subscribe
Total
138 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19998 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. | |||||
| CVE-2018-19995 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. | |||||
| CVE-2018-19994 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. | |||||
| CVE-2018-19993 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. | |||||
| CVE-2018-19992 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. | |||||
| CVE-2018-19799 | 1 Dolibarr | 1 Dolibarr | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | |||||
| CVE-2018-16809 | 1 Dolibarr | 1 Dolibarr | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. | |||||
| CVE-2018-16808 | 1 Dolibarr | 1 Dolibarr | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. | |||||
| CVE-2018-13450 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. | |||||
| CVE-2018-13449 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. | |||||
| CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | |||||
| CVE-2018-13447 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | |||||
| CVE-2018-10095 | 1 Dolibarr | 1 Dolibarr | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. | |||||
| CVE-2018-10094 | 1 Dolibarr | 1 Dolibarr | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. | |||||
| CVE-2018-10092 | 1 Dolibarr | 1 Dolibarr | 2026-06-17 | 6.0 MEDIUM | 8.0 HIGH |
| The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. | |||||
| CVE-2017-9840 | 1 Dolibarr | 1 Dolibarr | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. | |||||
| CVE-2017-9839 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). | |||||
| CVE-2017-9838 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). | |||||
| CVE-2017-9435 | 1 Dolibarr | 1 Dolibarr | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). | |||||
| CVE-2017-8879 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-06-17 | 4.6 MEDIUM | 6.8 MEDIUM |
| Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | |||||