CVE-2025-67486
- EPSS 0.32%
- Published 08.05.2026 14:21:55
- Last modified 12.05.2026 20:54:07
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contain an authenticated remote code execution vulnerability in the user extrafields functionality. User-contr...
CVE-2026-31019
- EPSS 0.1%
- Published 21.04.2026 00:00:00
- Last modified 23.04.2026 16:10:14
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass...
CVE-2026-31018
- EPSS 0.04%
- Published 21.04.2026 00:00:00
- Last modified 23.04.2026 16:15:59
In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code ...
CVE-2026-23500
- EPSS 0.11%
- Published 17.04.2026 20:25:49
- Last modified 01.05.2026 18:28:29
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0, the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly...
CVE-2026-34036
- EPSS 0.02%
- Published 31.03.2026 01:39:38
- Last modified 03.04.2026 16:54:36
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By...
- EPSS 0.06%
- Published 12.02.2026 00:00:00
- Last modified 15.04.2026 00:35:42
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unpr...
CVE-2020-36966
- EPSS 0.04%
- Published 30.01.2026 16:16:37
- Last modified 15.04.2026 00:35:42
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /do...
CVE-2025-56588
- EPSS 0.22%
- Published 01.10.2025 20:18:36
- Last modified 22.10.2025 15:56:31
Dolibarr ERP & CRM v21.0.1 was discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter.
CVE-2024-34051
- EPSS 0.97%
- Published 03.06.2024 20:15:09
- Last modified 15.04.2026 00:35:42
A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.
CVE-2021-42220
- EPSS 0.27%
- Published 15.12.2021 07:15:07
- Last modified 21.11.2024 06:27:25
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box.