CVE-2018-13448
- EPSS 0.29%
- Veröffentlicht 08.07.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:47:07
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
CVE-2018-13447
- EPSS 0.29%
- Veröffentlicht 08.07.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:47:06
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
CVE-2017-9839
- EPSS 0.22%
- Veröffentlicht 11.04.2018 03:29:00
- Zuletzt bearbeitet 21.11.2024 03:36:57
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
CVE-2017-9838
- EPSS 0.19%
- Veröffentlicht 11.04.2018 03:29:00
- Zuletzt bearbeitet 21.11.2024 03:36:57
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_cr...
CVE-2017-18260
- EPSS 0.22%
- Veröffentlicht 11.04.2018 03:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:42
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
CVE-2017-18259
- EPSS 0.19%
- Veröffentlicht 11.04.2018 03:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:42
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
CVE-2017-1000509
- EPSS 0.25%
- Veröffentlicht 09.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:04:53
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.