Dolibarr

Dolibarr Erp/crm

82 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-67486

Exploit
  • EPSS 0.32%
  • Veröffentlicht 08.05.2026 14:21:55
  • Zuletzt bearbeitet 12.05.2026 20:54:07

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-contr...

9.1

CVE-2026-23500

Exploit
  • EPSS 0.11%
  • Veröffentlicht 17.04.2026 20:25:49
  • Zuletzt bearbeitet 01.05.2026 18:28:29

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly...

9.1

CVE-2019-25710

Exploit
  • EPSS 0.03%
  • Veröffentlicht 12.04.2026 12:28:54
  • Zuletzt bearbeitet 17.04.2026 14:25:58

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to e...

7.2

CVE-2026-22666

Exploit
  • EPSS 0.36%
  • Veröffentlicht 07.04.2026 12:41:31
  • Zuletzt bearbeitet 24.04.2026 14:20:46

Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. ...

6.5

CVE-2026-34036

Exploit
  • EPSS 0.02%
  • Veröffentlicht 31.03.2026 01:39:38
  • Zuletzt bearbeitet 03.04.2026 16:54:36

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By...

7.5

CVE-2019-25452

Exploit
  • EPSS 0.13%
  • Veröffentlicht 22.02.2026 13:18:25
  • Zuletzt bearbeitet 02.03.2026 15:16:24

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious...

7.5

CVE-2019-25450

Exploit
  • EPSS 0.05%
  • Veröffentlicht 22.02.2026 13:18:24
  • Zuletzt bearbeitet 02.03.2026 15:16:23

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like action...

8.8

CVE-2025-56588

  • EPSS 0.22%
  • Veröffentlicht 01.10.2025 20:18:36
  • Zuletzt bearbeitet 22.10.2025 15:56:31

Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter.

9.4

CVE-2012-10059

Exploit
  • EPSS 47.85%
  • Veröffentlicht 13.08.2025 20:33:50
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject a...

9

CVE-2024-55228

Exploit
  • EPSS 0.12%
  • Veröffentlicht 27.01.2025 17:15:16
  • Zuletzt bearbeitet 19.02.2025 20:15:35

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.