
CVE-2013-2091
https://notcve.org/view.php?id=CVE-2013-2091
20 Nov 2019 — SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. • http://www.openwall.com/lists/oss-security/2013/05/14/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-18259
https://notcve.org/view.php?id=CVE-2017-18259
11 Apr 2018 — Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-18260
https://notcve.org/view.php?id=CVE-2017-18260
11 Apr 2018 — Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter). • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-9838
https://notcve.org/view.php?id=CVE-2017-9838
11 Apr 2018 — Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-9839
https://notcve.org/view.php?id=CVE-2017-9839
11 Apr 2018 — Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-7886 – Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
https://notcve.org/view.php?id=CVE-2017-7886
10 May 2017 — Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/142461 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-7887 – Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
https://notcve.org/view.php?id=CVE-2017-7887
10 May 2017 — Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/142461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-7888 – Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
https://notcve.org/view.php?id=CVE-2017-7888
10 May 2017 — Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/142461 • CWE-326: Inadequate Encryption Strength

CVE-2017-8879 – Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
https://notcve.org/view.php?id=CVE-2017-8879
10 May 2017 — Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injec... • https://packetstorm.news/files/id/142461 • CWE-287: Improper Authentication

CVE-2014-3992 – Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-3992
08 Jul 2014 — Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. • https://packetstorm.news/files/id/127389 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')