CVE-2019-25452
- EPSS 0.1%
- Published 22.02.2026 13:18:25
- Last modified 02.03.2026 15:16:24
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious...
CVE-2019-25450
- EPSS 0.04%
- Published 22.02.2026 13:18:24
- Last modified 02.03.2026 15:16:23
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like action...
CVE-2025-56588
- EPSS 0.14%
- Published 01.10.2025 20:18:36
- Last modified 22.10.2025 15:56:31
Dolibarr ERP & CRM v21.0.1 was discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter.
CVE-2012-10059
- EPSS 43.63%
- Published 13.08.2025 20:33:50
- Last modified 14.08.2025 15:15:31
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject a...
- EPSS 0.12%
- Published 27.01.2025 17:15:16
- Last modified 19.02.2025 20:15:35
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
- EPSS 0.29%
- Published 27.01.2025 17:15:16
- Last modified 19.02.2025 20:15:35
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
CVE-2021-3991
- EPSS 0.05%
- Published 15.11.2024 11:15:07
- Last modified 19.11.2024 15:31:47
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intende...
CVE-2024-40137
- EPSS 0.48%
- Published 24.07.2024 19:15:04
- Last modified 21.11.2024 09:30:58
Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.
CVE-2024-23817
- EPSS 0.61%
- Published 25.01.2024 20:15:41
- Last modified 21.11.2024 08:58:28
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has an HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to in...
CVE-2023-4198
- EPSS 0.08%
- Published 01.11.2023 09:15:09
- Last modified 21.11.2024 08:34:36
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data