Dolibarr

34 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 1.71%
  • Published 18.05.2020 22:15:12
  • Last modified 21.11.2024 05:00:39

Dolibarr before 11.0.4 allows XSS.

  • EPSS 0.29%
  • Published 06.05.2020 19:15:12
  • Last modified 21.11.2024 05:00:02

core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.

Exploit
  • EPSS 1.14%
  • Published 16.03.2020 20:15:12
  • Last modified 21.11.2024 04:34:20

Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).

Exploit
  • EPSS 2.09%
  • Published 16.03.2020 15:15:12
  • Last modified 21.11.2024 04:34:20

Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.

Exploit
  • EPSS 0.61%
  • Published 16.03.2020 15:15:12
  • Last modified 21.11.2024 04:34:20

Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.

Exploit
  • EPSS 1.56%
  • Published 16.03.2020 15:15:12
  • Last modified 21.11.2024 04:34:20

Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.

Exploit
  • EPSS 0.71%
  • Published 07.03.2019 23:29:00
  • Last modified 21.11.2024 03:53:23

An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.

Exploit
  • EPSS 0.27%
  • Published 07.03.2019 23:29:00
  • Last modified 21.11.2024 03:53:23

An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.

Exploit
  • EPSS 2.64%
  • Published 26.12.2018 21:29:02
  • Last modified 21.11.2024 03:58:35

Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.

  • EPSS 2%
  • Published 22.05.2018 20:29:01
  • Last modified 21.11.2024 04:14:47

SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/jour...