
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command. • https://github.com/dolibarr/dolibarr/commit/b9b45fb50618aa8053961f50bc8604b188d0ea79 https://huntr.dev/bounties/f1d1ce3e-ca92-4c7b-b1b8-934e28eaa486 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

Improper Validation of Specified Quantity in Input vulnerability in dolibarr/dolibarr. dolibarr is vulnerable to Business Logic Errors. • https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32 https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db • CWE-1284: Improper Validation of Specified Quantity in Input

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. • https://github.com/Dolibarr/dolibarr/issues/20237 https://github.com/mustgundogdu/Research/blob/main/Dolibar_7.0.2-StoredXSS/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 3

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. Dolibarr ERP and CRM version 13.0.2 suffers from a remote code execution vulnerability. • http://seclists.org/fulldisclosure/2021/Nov/39 https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt https://trovent.io/security-advisory-2106-01 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. Dolibarr ERP and CRM version 13.0.2 suffers from a persistent cross-site scripting vulnerability. • http://seclists.org/fulldisclosure/2021/Nov/38 https://github.com/Dolibarr/dolibarr/releases https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt https://trovent.io/security-advisory-2105-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')