dolibarr/dolibarr Security Advisories for 13.0.x-dev (27)

[HIGH] Dolibarr ERP CRM vulnerable to remote code execution (RCE)
PKSA-w732-85g1-ybr7 CVE-2024-40137 GHSA-vprp-94p9-5jp8
Affected version: <19.0.2
Reported by: GitHub

[HIGH] Dolibarr arbitrary file upload vulnerability
PKSA-wxcq-m2vs-15bs CVE-2024-37821 GHSA-p7r8-7w87-8g46
Affected version: <19.0.2
Reported by: GitHub

[MEDIUM] Reflected Cross-Site Scripting (XSS) in Dolibarr
PKSA-yvqp-j6j4-b7nx CVE-2024-34051 GHSA-hv2j-6654-x74q
Affected version: <19.0.2
Reported by: GitHub

[HIGH] Dolibarr vulnerable to Cross-Site Request Forgery
PKSA-8w8y-vz41-dcws CVE-2024-31503 GHSA-6ppg-rgrg-f573
Affected version: <=19.0.0
Reported by: GitHub

[MEDIUM] Dolibarr ERP CRM Code Injection vulnerability during installation
PKSA-2sjx-71hq-ptft CVE-2024-29477 GHSA-p73x-rpgm-3v56
Affected version: <=19.0.0
Reported by: GitHub

[HIGH] Dolibarr Improper Input Validation vulnerability
PKSA-q6zm-sspk-cc66 CVE-2023-4197 GHSA-r9cm-pw9j-3fpx
Affected version: <18.0.2
Reported by: GitHub

[MEDIUM] Dolibarr Improper Input Validation vulnerability
PKSA-r9vt-swsb-3xhm CVE-2023-4198 GHSA-48v2-596x-4jr9
Affected version: <18.0.0
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in dolibarr/dolibarr
PKSA-zjx2-p78q-wn3y CVE-2023-5842 GHSA-9pjf-jw9q-fx49
Affected version: <16.0.5
Reported by: GitHub

[MEDIUM] Dolibarr Cross-site Scripting vulnerability
PKSA-5n9n-kh2g-xmcr CVE-2023-5323 GHSA-39m3-cj8c-886r
Affected version: <18.0.0
Reported by: GitHub

[HIGH] Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
PKSA-bjh3-pcty-gzfv CVE-2023-38886 GHSA-6773-rfjv-c54w
Affected version: <17.0.1
Reported by: GitHub

[HIGH] File Upload vulnerability in Dolibarr ERP CRM
PKSA-z8ry-v62w-xzbn CVE-2023-38887 GHSA-g8h7-mcp6-pf47
Affected version: <17.0.1
Reported by: GitHub

[CRITICAL] Cross Site Scripting vulnerability in Dolibarr ERP CRM
PKSA-88m8-v3s6-zj4m CVE-2023-38888 GHSA-62wf-h26v-5m57
Affected version: <17.0.1
Reported by: GitHub

[HIGH] Dolibarr vulnerable to remote code execution via uppercase manipulation
PKSA-vjp5-yqyb-hsw9 CVE-2023-30253 GHSA-9wqr-5jp4-mjmh
Affected version: <17.0.1
Reported by: GitHub

[CRITICAL] Dolibarr vulnerable to privilege escalation
PKSA-v57c-2m1y-xvmj CVE-2022-43138 GHSA-gh7m-j673-wm97
Affected version: <14.0.1
Reported by: GitHub

[CRITICAL] Dolibarr vulnerable to Eval Injection
PKSA-mbfz-b6r1-yyjp CVE-2022-40871 GHSA-7cm4-vmf2-8wf2
Affected version: <=15.0.3
Reported by: GitHub

[MEDIUM] Cross site scripting in dolibarr
PKSA-nbwd-xphp-dm3x CVE-2022-2060 GHSA-8fvr-7945-mg7w
Affected version: <16.0
Reported by: GitHub

[HIGH] SQL Injection in Dolibarr
PKSA-7hyc-8p7w-tx2z CVE-2021-36625 GHSA-vrgp-3ph6-2wwq
Affected version: <14.0.0
Reported by: GitHub

[HIGH] Access Control vulnerability in Dolibarr
PKSA-9gqb-jpxc-hzdt CVE-2021-37517 GHSA-xw7v-qrhc-jjg2
Affected version: <14.0.1
Reported by: GitHub

[HIGH] Code injection in dolibarr/dolibarr
PKSA-c6vz-7ss1-46ss CVE-2022-0819 GHSA-42qm-c3cf-9wv2
Affected version: <15.0.1
Reported by: GitHub

[MEDIUM] Logic error in dolibarr/dolibarr
PKSA-n91r-qpfg-6986 CVE-2022-0746 GHSA-8vq6-5f66-hp3r
Affected version: <16.0
Reported by: GitHub

[MEDIUM] Improper Authorization in dolibarr/dolibarr
PKSA-grdq-s436-n3jz CVE-2022-0731 GHSA-4xc7-x2jr-cr74
Affected version: <16.0
Reported by: GitHub

[MEDIUM] Dolibarr vulnerable to Improper Validation of Specified Quantity in Input
PKSA-8bmy-9syy-8jvn CVE-2022-0414 GHSA-f768-8pvq-mm6r
Affected version: <=14.0.5
Reported by: GitHub

[HIGH] SQL Injection in dolibarr
PKSA-w8dx-f6mj-mt46 CVE-2022-0224 GHSA-j545-frh3-r9gq
Affected version: <=14.0.5
Reported by: GitHub

[MEDIUM] Logic error in dolibarr
PKSA-sc5b-g3wj-xw57 CVE-2022-0174 GHSA-8qvx-f5gf-g43v
Affected version: <15.0.0
Reported by: GitHub

[MEDIUM] Dolibarr Cross Site Scripting (XSS) vulnerability
PKSA-g9bb-rfmc-9cbr CVE-2021-42220 GHSA-jqfp-m5f8-vg28
Affected version: <14.0.3
Reported by: GitHub

[HIGH] Weak Password Recovery Mechanism for Forgotten Password
PKSA-kb2t-w5sd-kvm6 CVE-2021-25957 GHSA-c32w-3cqh-f6jx
Affected version: <14.0.0
Reported by: GitHub

[MEDIUM] Improper Access Control in Dolibarr
PKSA-kgzg-v22n-v1h7 CVE-2021-25954 GHSA-vxhc-c4qm-647p
Affected version: >=2.8.1,<14.0.0
Reported by: GitHub