CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0224 – SQL Injection in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command dolibarr es vulnerable a una Neutralización Inapropiada de los Elementos Especiales usados en un Comando SQL • https://github.com/dolibarr/dolibarr/commit/b9b45fb50618aa8053961f50bc8604b188d0ea79 https://huntr.dev/bounties/f1d1ce3e-ca92-4c7b-b1b8-934e28eaa486 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0174 – Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0174
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. dolibarr es vulnerable a Errores de Lógica de Negocio • https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32 https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2013-2093
https://notcve.org/view.php?id=CVE-2013-2093
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. Dolibarr ERP/CRM versión 3.3.1 no valida apropiadamente la entrada del usuario en los archivos viewimage.php y barcode.lib.php, lo que permite a atacantes remotos ejecutar comandos arbitrarios. • http://www.openwall.com/lists/oss-security/2013/05/14/3 https://exchange.xforce.ibmcloud.com/vulnerabilities/84249 https://github.com/Dolibarr/dolibarr/commit/526a80dd202bbca396687a502d52c27e06e97fff https://security-tracker.debian.org/tracker/CVE-2013-2093 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2092
https://notcve.org/view.php?id=CVE-2013-2092
Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Dolibarr ERP/CRM versión 3.3.1, permite a atacantes remotos inyectar script web o HTML arbitrario en el archivo functions.lib.php. • http://www.openwall.com/lists/oss-security/2013/05/14/3 https://github.com/Dolibarr/dolibarr/commit/8a90598b23e1b2689848187941f7a96b04907005 https://security-tracker.debian.org/tracker/CVE-2013-2092 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2091
https://notcve.org/view.php?id=CVE-2013-2091
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. Una vulnerabilidad de inyección SQL en Dolibarr ERP/CRM versión 3.3.1, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro "pays" en el archivo fiche.php. • http://www.openwall.com/lists/oss-security/2013/05/14/3 https://exchange.xforce.ibmcloud.com/vulnerabilities/84248 https://github.com/Dolibarr/dolibarr/commit/9427e32e2ed54c1a2bc519a88c057207836df489 https://security-tracker.debian.org/tracker/CVE-2013-2091 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •