NotCVE - vendor:"Dolibarr" product:"Dolibarr Erp\/crm" version:"2.7.0"

Page 3 of 24 results (0.002 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-9839

https://notcve.org/view.php?id=CVE-2017-9839

11 Apr 2018 — Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). Dolibarr ERP/CRM se ha visto afectado por una inyección SQL en las versiones anteriores a la 5.0.4 mediante product/stats/card.php (parámetro type). • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 1%CPEs: 13EXPL: 3

CVE-2012-1225 – Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection

https://notcve.org/view.php?id=CVE-2012-1225

21 Feb 2012 — Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. Múltiples vulnerabilidades de inyección SQL en Dolibarr CMS v3.2.0 Alpha y anteriores permite a usuarios autenticados de forma remota ejecutar comandos SQL a través de (1) el parámetro memberslist (también conocido como Member List) en list.php o (2) el p... • https://www.exploit-db.com/exploits/36683 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 11

CVE-2011-4802 – Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection

https://notcve.org/view.php?id=CVE-2011-4802

14 Dec 2011 — Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. Múltiples vulnerabilidades de inyección SQL en Dolibarr v3.1.0 RC y probablemente anteriores, permit... • https://www.exploit-db.com/exploits/36333 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 4%CPEs: 11EXPL: 7

CVE-2011-4814 – Dolibarr ERP/CRM 3.1 - Multiple Script URI Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-4814

14 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Dolibarr v3.1.0 RC y probablemente anteriores, permite a atacantes remotos inyectar sec... • https://www.exploit-db.com/exploits/36330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3