📦 Dolibarr ERP/CRM
by Dolibarr
🔍 What is Dolibarr ERP/CRM?
🛡️ Security Overview
⚠️ Known Vulnerabilities
This CVE describes a cross-site scripting (XSS) vulnerability in Dolibarr's Events/Agenda module that allows attackers to inject malicious scripts into the Title parameter. When exploited, this enable...
CVE-2024-5314 is a SQL injection vulnerability in Dolibarr ERP-CRM version 9.0.1 that allows remote attackers to execute arbitrary SQL queries through the sortorder and sortfield parameters in /doliba...
This is a Cross-Site Scripting (XSS) vulnerability in Dolibarr ERP CRM's REST API module that allows remote attackers to inject malicious scripts. When exploited, it can lead to sensitive information ...
CVE-2021-33816 allows remote attackers to execute arbitrary PHP code on Dolibarr installations through the website builder module. The vulnerability exists because the application blocks common PHP ex...
Dolibarr ERP/CRM 10.0.1 contains SQL injection vulnerabilities in card.php endpoints that allow authenticated attackers to inject malicious SQL through POST parameters. This enables attackers to extra...
Dolibarr ERP & CRM version 21.0.1 contains a remote code execution vulnerability in the User module configuration via the computed field parameter. This allows attackers to execute arbitrary code on a...
This vulnerability allows attackers to upload malicious .SQL files through the Upload Template function in Dolibarr ERP CRM, potentially leading to arbitrary code execution. It affects Dolibarr ERP CR...
This vulnerability allows authenticated attackers in Dolibarr ERP CRM to steal session cookies and CSRF tokens from other users through crafted web pages. This can lead to complete account takeover of...
This vulnerability in Dolibarr ERP CRM allows attackers with adjacent network access to execute arbitrary code during the installation process due to insufficient input sanitization. It affects Doliba...
This vulnerability allows remote authenticated attackers with privileged access to execute arbitrary commands on Dolibarr ERP CRM systems. Attackers can exploit this to run malicious scripts or comman...
This vulnerability in Dolibarr ERP/CRM software allows unauthenticated attackers to dump the entire database and access sensitive company data including customer files, prospects, suppliers, and emplo...
This vulnerability allows authenticated users in Dolibarr to execute arbitrary code on the server by injecting PHP code with uppercase <?PHP tags instead of standard lowercase <?php tags. It affects a...
This CVE describes an access control vulnerability in Dolibarr ERP/CRM's forgot-password function that allows email addresses as usernames, enabling attackers to cause denial of service. The vulnerabi...
This CVE describes an improper authorization vulnerability in Dolibarr ERP/CRM software where users with restricted permissions in the Reception section can bypass access controls by directly accessin...