CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0224 – SQL Injection in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command dolibarr es vulnerable a una Neutralización Inapropiada de los Elementos Especiales usados en un Comando SQL • https://github.com/dolibarr/dolibarr/commit/b9b45fb50618aa8053961f50bc8604b188d0ea79 https://huntr.dev/bounties/f1d1ce3e-ca92-4c7b-b1b8-934e28eaa486 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0174 – Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0174
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. dolibarr es vulnerable a Errores de Lógica de Negocio • https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32 https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9016
https://notcve.org/view.php?id=CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. Dolibarr versión 11.0, permite un ataque de tipo XSS por medio de los parámetros joinfiles, topic, o code, o el encabezado Referer HTTP. • https://code610.blogspot.com/2020/02/this-time-i-tried-to-check-one-of.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 2CVE-2019-15062
https://notcve.org/view.php?id=CVE-2019-15062
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.) Se descubrió un problema en Dolibarr versión 11.0.0-alpha. • https://gauravnarwani.com/publications/CVE-2019-15062 https://github.com/Dolibarr/dolibarr/issues/11671 • CWE-352: Cross-Site Request Forgery (CSRF) •