CVE-2022-0414 – Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0414
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0. Unos Errores de Lógica de Negocio en el paquete dolibarr/dolibarr versiones anteriores a 16.0 • https://github.com/dolibarr/dolibarr/commit/37fb02ee760cfff18c795ba468da1ba1c53f4684 https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f • CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2022-0224 – SQL Injection in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command dolibarr es vulnerable a una Neutralización Inapropiada de los Elementos Especiales usados en un Comando SQL • https://github.com/dolibarr/dolibarr/commit/b9b45fb50618aa8053961f50bc8604b188d0ea79 https://huntr.dev/bounties/f1d1ce3e-ca92-4c7b-b1b8-934e28eaa486 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-0174 – Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0174
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. dolibarr es vulnerable a Errores de Lógica de Negocio • https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32 https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db • CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2022-22293
https://notcve.org/view.php?id=CVE-2022-22293
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. El archivo admin/limits.php en Dolibarr versión 7.0.2, permite una inyección de HTML, como lo demuestra el parámetro MAIN_MAX_DECIMALS_TOT. • https://github.com/Dolibarr/dolibarr/issues/20237 https://github.com/mustgundogdu/Research/blob/main/Dolibar_7.0.2-StoredXSS/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-33816 – Dolibarr ERP / CRM 13.0.2 Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. El módulo de creación de sitios web en Dolibarr versión 13.0.2, permite una ejecución de código remota PHP debido a un mecanismo de protección incompleto en el que system, exec y shell_exec están bloqueados pero los backticks no lo están Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability. • http://seclists.org/fulldisclosure/2021/Nov/39 https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt https://trovent.io/security-advisory-2106-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •