CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14241
https://notcve.org/view.php?id=CVE-2017-14241
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Dolibarr ERP/CRM 6.0.0 permite que usuarios autenticados remotos inyecten scripts web o HTML arbitrarios mediante el parámetro Title en htdocs/admin/menus/edit.php. • https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14238
https://notcve.org/view.php?id=CVE-2017-14238
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. Una vulnerabilidad de inyección SQL en admin/menus/edit.php en Dolibarr ERP/CRM 6.0.0 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro menuid. • https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9840
https://notcve.org/view.php?id=CVE-2017-9840
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. Dolibarr ERP/CRM 5.0.3 y anteriores permite a usuarios con pocos privilegios subir archivos de tipos peligrosos, lo que puede resultar en la ejecución de código arbitrario dentro del contexto de la aplicación vulnerable. • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-009 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9435
https://notcve.org/view.php?id=CVE-2017-9435
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). El ERP/CRM Dolibarr anterior a versión 5.0.3, es vulnerable a una inyección SQL en el archivo user/index.php (parámetros search_supervisor y search_statut). • https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7886 – Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
https://notcve.org/view.php?id=CVE-2017-7886
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. Dolibarr ERP / CRM 4.0.4 tiene un SQL Injection en doli / theme / eldy / style.css.php a través del parámetro lang. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://www.foxmole.com/advisories/foxmole-2017-02-23.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •