Dolibarr

Dolibarr Erp/crm

79 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.24%
  • Veröffentlicht 29.07.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:42

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine...

Exploit
  • EPSS 2.1%
  • Veröffentlicht 29.07.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:42

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binarie...

Exploit
  • EPSS 1.04%
  • Veröffentlicht 29.07.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:42

Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. Th...

Exploit
  • EPSS 2.19%
  • Veröffentlicht 18.07.2019 13:15:11
  • Zuletzt bearbeitet 21.11.2024 04:17:56

Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password...

Exploit
  • EPSS 0.98%
  • Veröffentlicht 15.07.2019 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:17:55

Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker.

  • EPSS 1.42%
  • Veröffentlicht 03.01.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 03:58:57

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.

  • EPSS 2.03%
  • Veröffentlicht 03.01.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 03:58:57

An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.

  • EPSS 1.11%
  • Veröffentlicht 03.01.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 03:58:57

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.

  • EPSS 2.21%
  • Veröffentlicht 03.01.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 03:58:58

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.

  • EPSS 1.08%
  • Veröffentlicht 03.01.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:57

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.