Filtered by vendor Dolibarr
Subscriptions
Total
121 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | ||||
CVE-2018-13447 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | ||||
CVE-2018-10095 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. | ||||
CVE-2018-10094 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. | ||||
CVE-2018-10092 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. | ||||
CVE-2017-9840 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. | ||||
CVE-2017-9839 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). | ||||
CVE-2017-9838 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). | ||||
CVE-2017-9435 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). | ||||
CVE-2017-8879 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | ||||
CVE-2017-7888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | ||||
CVE-2017-7887 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | ||||
CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | ||||
CVE-2017-18260 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter). | ||||
CVE-2017-18259 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. | ||||
CVE-2017-17971 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | ||||
CVE-2017-17900 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | ||||
CVE-2017-17899 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | ||||
CVE-2017-17898 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | ||||
CVE-2017-17897 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |