Filtered by vendor Dolibarr Subscriptions
Total 121 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-13448 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
CVE-2018-13447 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
CVE-2018-10095 1 Dolibarr 1 Dolibarr 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
CVE-2018-10094 1 Dolibarr 1 Dolibarr 2024-11-21 N/A
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
CVE-2018-10092 1 Dolibarr 1 Dolibarr 2024-11-21 N/A
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
CVE-2017-9840 1 Dolibarr 1 Dolibarr 2024-11-21 N/A
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
CVE-2017-9839 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
CVE-2017-9838 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters).
CVE-2017-9435 1 Dolibarr 1 Dolibarr 2024-11-21 N/A
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
CVE-2017-8879 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
CVE-2017-7888 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
CVE-2017-7887 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
CVE-2017-7886 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
CVE-2017-18260 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
CVE-2017-18259 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
CVE-2017-17971 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
CVE-2017-17900 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.
CVE-2017-17899 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
CVE-2017-17898 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
CVE-2017-17897 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 N/A
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.