Product: Dolibarr (Dolibarr)

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-05-22 | CVE-2018-10092 | The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. | Dolibarr | 8.0 | | |
| 2020-06-18 | CVE-2020-14443 | A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | Dolibarr | N/A | | |
| 2020-05-18 | CVE-2020-13094 | Dolibarr before 11.0.4 allows XSS. | Dolibarr | N/A | | |
| 2020-03-16 | CVE-2019-19212 | Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). | Dolibarr | N/A | | |
| 2020-03-16 | CVE-2019-19211 | Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. | Dolibarr | N/A | | |
| 2020-03-16 | CVE-2019-19210 | Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. | Dolibarr | N/A | | |
| 2020-03-16 | CVE-2019-19209 | Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | Dolibarr | N/A | | |
| 2018-12-26 | CVE-2018-19799 | Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | Dolibarr | 6.1 | | |
| 2019-03-07 | CVE-2018-16809 | An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. | Dolibarr | 9.8 | | |
| 2019-03-07 | CVE-2018-16808 | An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. | Dolibarr | 6.1 | | |