pkg:Packagist/dolibarr/dolibarr

All known vulnerabilities

• CRITICAL9.8CVE-2022-4093SQL injection in Dolibarr
  >= 16.0.1, < 16.0.3
• CRITICAL9.8CVE-2022-43138Dolibarr vulnerable to privilege escalation
  from 0, < 14.0.1
• CRITICAL9.8CVE-2022-40871Dolibarr vulnerable to Eval Injection
  from 0, <= 15.0.3
• CRITICAL9.8Dolibarr remote PHP code execution
  >= 13.0.2, < 14.0.0
• CRITICAL9.8Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
  >= 3.0, <= 10.0.3
• CRITICAL9.8Dolibarr Improper Restriction of Excessive Authentication Attempts
• CRITICAL9.8Dolibarr ERP and CRM Insecure Encryption
  from 0, <= 4.0.4
• CRITICAL9.8Dolibarr SQL Injection in doli/theme/eldy/style.css.php via the lang parameter
• CRITICAL9.8Dolibarr ERP and CRM SQLi
  from 0, < 5.0.3
• CRITICAL9.8Dolibarr SQL injection vulnerability in admin/menus/edit.php
  from 0, < 6.0.1
• CRITICAL9.8Dolibarr SQL injection vulnerability in don/list.php
  from 0, < 6.0.1
• CRITICAL9.8Dolibarr SQL injection vulnerability in comm/multiprix.php
  from 0, < 6.0.5
• CRITICAL9.8Dolibarr SQL injection vulnerability in adherents/subscription/info.php
  from 0, < 6.0.5
• CRITICAL9.8Dolibarr SQL injection vulnerability in fourn/index.php
  from 0, < 6.0.5
• CRITICAL9.8Dolibarr SQL injection vulnerability
  from 0, < 7.0.2
• CRITICAL9.8Dolibarr SQL injection vulnerability in product/card.php
  >= 7.0.3, < 7.0.4
• CRITICAL9.8Dolibarr SQL injection vulnerability in product/card.php
  >= 7.0.3, < 7.0.4
• CRITICAL9.8Dolibarr SQL injection vulnerability in product/card.php
  >= 7.0.3, < 7.0.4
• CRITICAL9.8Dolibarr SQL injection vulnerability in product/card.php
  >= 7.0.3, < 7.0.4
• CRITICAL9.8Dolibarr SQL injection via the integer parameters qty and value_unit
  >= 3.8, <= 7.0.0
• CRITICAL9.8Dolibarr SQL Injection vulnerability
  from 0, < 7.0.2
• CRITICAL9.6Cross Site Scripting vulnerability in Dolibarr ERP CRM
  from 0, < 17.0.1
• CRITICAL9.1Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration
  from 0, <= 22.0.4
• CRITICAL9.1Dolibarr vulnerable to SQL Injection
  from 0, <= 9.0.1
• CRITICAL9.1Dolibarr vulnerable to SQL Injection
  from 0, <= 9.0.1
• CRITICAL9.0Dolibarr Cross-site Scripting vulnerability
• CRITICAL9.0Dolibarr Cross-site Scripting vulnerability
  >= 2.8.1, < 14.0.0
• HIGH8.8Dolibarr user with permission to edit PHP content can bypass filtering to restrict dangerous PHP functions
  from 0, <= 22.0.4
• HIGH8.8Dolibarr Allows Code Injection through its Website Module
  from 0, <= 15.0.3
• HIGH8.8Dolibarr vulnerable to RCE via the computed field parameter
  from 0, < 21.0.3
• HIGH8.8Dolibarr arbitrary file upload vulnerability
  from 0, < 19.0.2
• HIGH8.8File Upload vulnerability in Dolibarr ERP CRM
  from 0, < 17.0.1
• HIGH8.8Dolibarr vulnerable to remote code execution via uppercase manipulation
  from 0, < 17.0.1
• HIGH8.8Dolibarr Unrestricted Upload of File with Dangerous Type
  from 0, < 11.0.5
• HIGH8.8Dolibarr SQL injection vulnerability in accountancy/customer/card.php
  from 0, < 11.0.5
• HIGH8.8Incorrect Authorization in Dolibarr
  from 0, < 12.0.0
• HIGH8.8Dolibarr Cross-Site Request Forgery Vulnerability
  from 0, <= 10.0.6
• HIGH8.8Dolibarr ERP and CRM malicious executable loading
  from 0, < 9.0.3
• HIGH8.8Dolibarr Cross Site Request Forgery (CSRF)
• HIGH8.8Dolibarr ERP and CRM Unsafe File Upload Vulnerability
  from 0, <= 5.0.3
• HIGH8.8Dolibarr SQL injection via type parameter in product/stats/card.php
  from 0, < 5.0.4
• HIGH8.8Dolibarr SQL injection vulnerability
  from 0, <= 7.0.0
• HIGH8.8Dolibarr error-based SQL injection vulnerability in product/card.php
  from 0, < 8.0.4
• HIGH8.8Dolibarr SQL injection vulnerability in user/card.php
  from 0, < 8.0.4
• HIGH8.8SQL Injection in Dolibarr
  from 0, < 14.0.0
• HIGH8.8Code injection in dolibarr/dolibarr
  from 0, < 15.0.1
• HIGH8.8Weak Password Recovery Mechanism for Forgotten Password
  from 0, < 14.0.0
• HIGH8.3SQL Injection in dolibarr
  from 0, <= 14.0.5
• HIGH8.2Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php
  from 0, <= 8.0.4
• HIGH8.0Dolibarr Cross-Site Request Forgery (CSRF)
  >= 10.0, < 10.0.2
• HIGH8.0Dolibarr ERP and CRM Code Injection
  from 0, < 9.0.3
• HIGH8.0Dolibarr arbitrary commands execution
  from 0, < 7.0.2
• HIGH7.5Dolibarr vulnerable to Cross-Site Request Forgery
  from 0, <= 19.0.0
• HIGH7.5Dolibarr Improper Input Validation vulnerability
  from 0, < 18.0.2
• HIGH7.5Dolibarr vulnerable to unauthenticated database access
  >= 16.0.0, < 16.0.5
• HIGH7.5Dolibarr ERP and CRM SQLi
  from 0, < 10.0.3
• HIGH7.5Dolibarr ERP and CRM Sensitive Data Disclosure
  from 0, < 6.0.1
• HIGH7.5Dolibarr sensitive information disclosure
  from 0, < 6.0.5
• HIGH7.5Access Control vulnerability in Dolibarr
  from 0, < 14.0.1
• HIGH7.2Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
  from 0, < 17.0.1
• HIGH7.2Dolibarr authenticated Remote Code Execution
  from 0, < 12.0.4
• HIGH7.2Dolibarr vulnerable to Improper Authentication and Improper Access Control
  >= 3.3.beta1, < 14.0.0
• HIGH7.1Dolibarr Application Home Page has HTML injection vulnerability
  >= 18.0.4, < 18.0.7
• MEDIUM6.8Dolibarr ERP CRM Code Injection vulnerability during installation
  from 0, <= 19.0.0
• MEDIUM6.8Dolibarr allows password changes without supplying the current password
• MEDIUM6.5Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php
  from 0, <= 22.0.4
• MEDIUM6.5Dolibarr Improper Input Validation vulnerability
  from 0, < 18.0.0
• MEDIUM6.5Dolibarr CRM allows Privilege Escalation
  from 0, < 11.0.5
• MEDIUM6.5Improper Authorization in dolibarr/dolibarr
  from 0, < 16.0
• MEDIUM6.1Cross-site Scripting in Dolibarr
• MEDIUM6.1Dolibarr ERP and CRM contain XSS Vulnerability
  from 0, <= 13.0.2
• MEDIUM6.1Dolibarr reflected cross-site scripting (XSS) vulnerability
  from 0, < 11.0.5
• MEDIUM6.1Dolibarr ERP and CRM contain XSS Vulnerability
  from 0, < 10.0.3
• MEDIUM6.1Dolibarr cross-site scripting (XSS) vulnerability
• MEDIUM6.1Dolibarr ERP and CRM HTML Injection
  from 0, < 11.0.1
• MEDIUM6.1Dolibarr Cross Site Scripting (XSS)
• MEDIUM6.1Dolibarr ERP and CRM contain XSS Vulnerability
  from 0, <= 4.0.4
• MEDIUM6.1Dolibarr ERP and CRM contain XSS Vulnerability
  from 0, < 6.0.5
• MEDIUM6.1Dolibarr Cross-site scripting (XSS) vulnerability
  from 0, < 7.0.2
• MEDIUM6.1Dolibarr reflected cross-site scripting (XSS) vulnerability
  from 0, < 8.0.4
• MEDIUM6.1Dolibarr ERP and CRM contain XSS Vulnerability
  from 0, <= 8.0.3
• MEDIUM6.1Dolibarr Stored Cross-site Scripting in expensereport/card.php
  from 0, < 7.0.1
• MEDIUM6.1XSS in Dolibarr ERP & CRM
  from 0, <= 10.0.6
• MEDIUM6.1Cross-site scripting in Dolibarr
  from 0, < 10.0.2
• MEDIUM5.5Dolibarr ERP CRM vulnerable to remote code execution (RCE)
  from 0, < 19.0.2
• MEDIUM5.4Dolibarr Cross-site Scripting vulnerability
• MEDIUM5.4Dolibarr Cross-site Scripting vulnerability
  from 0, < 18.0.0
• MEDIUM5.4Cross site scripting in dolibarr
  from 0, < 16.0
• MEDIUM5.4Dolibarr stored Cross-Site Scripting (XSS) vulnerability
  from 0, <= 11.0.4
• MEDIUM5.4Dolibarr Stored Cross-site Scripting via file upload
• MEDIUM5.4Dolibarr Stored Cross-site Scripting
• MEDIUM5.4Dolibarr stored Cross-site Scripting vulnerability
• MEDIUM5.4Dolibarr ERP and CRM contain XSS Vulnerability
  from 0, < 10.0.3
• MEDIUM5.4Dolibarr ERP and CRM contain XSS Vulnerability
  from 0, <= 11.0.0
• MEDIUM5.4Dolibarr ERP and CRM contain XSS Vulnerability
  from 0, <= 10.0.3
• MEDIUM5.4Dolibarr Cross-site Scripting via outgoing email setup feature
• MEDIUM5.4Dolibarr Cross-site Scripting vulnerability
• MEDIUM5.4Dolibarr Cross-site Scripting via outgoing email setup feature
• MEDIUM5.4Dolibarr Cross-site Scripting in a User Profile in a Signature section
• MEDIUM5.4Dolibarr stored Cross-site Scripting in an Email Template section