CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2017 — Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. • https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2017 — SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. • https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Dec 2017 — SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. • https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

10 May 2017 — Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/142461 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

10 May 2017 — Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/142461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

10 May 2017 — Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/142461 • CWE-326: Inadequate Encryption Strength

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

10 May 2017 — Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injec... • https://packetstorm.news/files/id/142461 • CWE-287: Improper Authentication

CVSS: 8.8 • EPSS: 2% • CPEs: 1 • EXPL: 3

08 Jul 2014 — Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. • https://packetstorm.news/files/id/127389 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 3

08 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) d... • https://packetstorm.news/files/id/127389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 1% • CPEs: 13 • EXPL: 3

21 Feb 2012 — Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. • https://www.exploit-db.com/exploits/36683 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')