CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0731 – Improper Access Control (IDOR) in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0731
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. Un Control de Acceso Inapropiado (IDOR) en el repositorio de GitHub dolibarr/dolibarr versiones anteriores a 16.0 • https://github.com/dolibarr/dolibarr/commit/209ab708d4b65fbd88ba4340d60b7822cb72651a https://huntr.dev/bounties/e242ab4e-fc70-4b2c-a42d-5b3ee4895de8 • CWE-284: Improper Access Control CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0414 – Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0414
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0. Unos Errores de Lógica de Negocio en el paquete dolibarr/dolibarr versiones anteriores a 16.0 • https://github.com/dolibarr/dolibarr/commit/37fb02ee760cfff18c795ba468da1ba1c53f4684 https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0224 – SQL Injection in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command dolibarr es vulnerable a una Neutralización Inapropiada de los Elementos Especiales usados en un Comando SQL • https://github.com/dolibarr/dolibarr/commit/b9b45fb50618aa8053961f50bc8604b188d0ea79 https://huntr.dev/bounties/f1d1ce3e-ca92-4c7b-b1b8-934e28eaa486 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0174 – Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0174
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. dolibarr es vulnerable a Errores de Lógica de Negocio • https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32 https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2021-33816 – Dolibarr ERP / CRM 13.0.2 Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. El módulo de creación de sitios web en Dolibarr versión 13.0.2, permite una ejecución de código remota PHP debido a un mecanismo de protección incompleto en el que system, exec y shell_exec están bloqueados pero los backticks no lo están Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability. • http://seclists.org/fulldisclosure/2021/Nov/39 https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt https://trovent.io/security-advisory-2106-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •