
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
• https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
• https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.
• https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 95% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. Dolibarr version 7.0.0 suffers from a cross site scripting vulnerability.
• http://www.openwall.com/lists/oss-security/2018/05/21/3
• https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog
• https://github.com/Dolibarr/dolibarr/commit/1dc466e1fb687cfe647de4af891720419823ed56
• https://sysdream.com/news/lab/2018-05-21-cve-2018-10095-dolibarr-xss-injection-vulnerability
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 90% | CPEs: 1 | EXPL: 3

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. Dolibarr version 7.00 suffers from a remote SQL injection vulnerability.
• https://www.exploit-db.com/exploits/44805
• http://www.openwall.com/lists/oss-security/2018/05/21/1
• https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog
• https://github.com/Dolibarr/dolibarr/commit/7ade4e37f24d6859987bb9f6232f604325633fdd
• https://sysdream.com/news/lab/2018-05-21-cve-2018-10094-dolibarr-sql-injection-vulnerability
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')