
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Apr 2018 — Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). • https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 2% • CPEs: 1 • EXPL: 3

08 Jul 2014 — Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. • https://packetstorm.news/files/id/127389 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 3

08 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) d... • https://packetstorm.news/files/id/127389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')