Show filters
123 Total Results
Displaying 21-30 of 123
Sort by:
Attacker Value
Unknown

CVE-2021-37517

Disclosure Date: March 31, 2022 (last updated October 07, 2023)
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-36625

Disclosure Date: March 31, 2022 (last updated October 07, 2023)
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0819

Disclosure Date: March 02, 2022 (last updated November 29, 2024)
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0746

Disclosure Date: February 25, 2022 (last updated November 29, 2024)
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0731

Disclosure Date: February 23, 2022 (last updated November 29, 2024)
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0414

Disclosure Date: January 31, 2022 (last updated November 29, 2024)
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0224

Disclosure Date: January 14, 2022 (last updated November 28, 2024)
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0174

Disclosure Date: January 10, 2022 (last updated November 28, 2024)
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-22293

Disclosure Date: January 02, 2022 (last updated November 28, 2024)
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-42220

Disclosure Date: December 15, 2021 (last updated October 07, 2023)
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
View More Topics  < Previous  Next >