Page 18 of 121 results (0.003 seconds)

CVSS: 6.1EPSS: 95%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. Una vulnerabilidad de Cross-Site Scripting (XSS) en Dolibarr, en versiones anteriores a la 7.0.2, permite que atacantes remotos inyecten scripts web o HTML mediante el parámetro foruserlogin en adherents/cartes/carte.php. Dolibarr version 7.0.0 suffers from a cross site scripting vulnerability. • http://www.openwall.com/lists/oss-security/2018/05/21/3 https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog https://github.com/Dolibarr/dolibarr/commit/1dc466e1fb687cfe647de4af891720419823ed56 https://sysdream.com/news/lab/2018-05-21-cve-2018-10095-dolibarr-xss-injection-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 90%CPEs: 1EXPL: 3

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. Vulnerabilidad de inyección SQL en Dolibarr en versiones anteriores a la 7.0.2 permite que los atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores relacionados con los parámetros de enteros sin comillas. Dolibarr version 7.00 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/44805 http://www.openwall.com/lists/oss-security/2018/05/21/1 https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog https://github.com/Dolibarr/dolibarr/commit/7ade4e37f24d6859987bb9f6232f604325633fdd https://sysdream.com/news/lab/2018-05-21-cve-2018-10094-dolibarr-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 2

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. El panel de administrador en Dolibarr en versiones anteriores a la 7.0.2 podría permitir que atacantes remotos ejecuten comandos arbitrarios aprovechando el soporte para actualizar el comando y los parámetros del antivirus empleados para escanear las subidas de archivos. Dolibarr version 7.0.0 suffers from a remote code execution vulnerability. • http://www.openwall.com/lists/oss-security/2018/05/21/2 https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39 https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. Vulnerabilidad de inyección SQL en Dolibarr en versiones anteriores a la 7.0.2 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro sortfield en /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php o /admin/website.php. • https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739 https://www.oracle.com/security-alerts/cpujan2021.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. Dolibarr ERP/CRM se ha visto afectado por Cross-Site Scripting (XSS) persistente hasta la versión 7.0.0. • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •