Dolibarr

Dolibarr

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.22%
  • Veröffentlicht 30.06.2026 15:59:10
  • Zuletzt bearbeitet 02.07.2026 18:00:00

Dolibarr through 23.0.3, fixed in commit 14db36e, contains a sql injection vulnerability that allows authenticated API users to exfiltrate arbitrary database contents by supplying malicious values to the sqlfilters query parameter in the setup dictio...

  • EPSS 0.38%
  • Veröffentlicht 27.05.2026 15:16:27
  • Zuletzt bearbeitet 28.05.2026 17:16:20

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php.

  • EPSS 0.38%
  • Veröffentlicht 27.05.2026 15:16:26
  • Zuletzt bearbeitet 28.05.2026 17:16:20

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, call_user_func_array() in function job type

  • EPSS 0.38%
  • Veröffentlicht 27.05.2026 15:16:26
  • Zuletzt bearbeitet 27.05.2026 20:03:09

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actions_addupdatedelete.inc.php

Exploit
  • EPSS 0.88%
  • Veröffentlicht 08.05.2026 14:21:55
  • Zuletzt bearbeitet 12.05.2026 20:54:07

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-contr...

  • EPSS 0.57%
  • Veröffentlicht 21.04.2026 00:00:00
  • Zuletzt bearbeitet 05.07.2026 02:17:45

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass...

  • EPSS 0.27%
  • Veröffentlicht 21.04.2026 00:00:00
  • Zuletzt bearbeitet 05.07.2026 02:17:45

In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code ...

Exploit
  • EPSS 0.92%
  • Veröffentlicht 17.04.2026 20:25:49
  • Zuletzt bearbeitet 01.05.2026 18:28:29

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly...

Exploit
  • EPSS 0.42%
  • Veröffentlicht 31.03.2026 01:39:38
  • Zuletzt bearbeitet 03.04.2026 16:54:36

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By...

  • EPSS 0.14%
  • Veröffentlicht 12.02.2026 00:00:00
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unpr...