Security Advisories - dolibarr/dolibarr

dolibarr/dolibarr Security Advisories for 13.0.x-dev (23)

[HIGH] Dolibarr vulnerable to Cross-Site Request Forgery

PKSA-8w8y-vz41-dcws CVE-2024-31503 GHSA-6ppg-rgrg-f573

Affected version: <=19.0.0

Reported by:
GitHub
[MEDIUM] Dolibarr ERP CRM Code Injection vulnerability during installation

PKSA-2sjx-71hq-ptft CVE-2024-29477 GHSA-p73x-rpgm-3v56

Affected version: <=19.0.0

Reported by:
GitHub
[MEDIUM] Dolibarr Improper Input Validation vulnerability

PKSA-r9vt-swsb-3xhm CVE-2023-4198 GHSA-48v2-596x-4jr9

Affected version: <18.0.0

Reported by:
GitHub
[HIGH] Dolibarr Improper Input Validation vulnerability

PKSA-q6zm-sspk-cc66 CVE-2023-4197 GHSA-r9cm-pw9j-3fpx

Affected version: <18.0.2

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in dolibarr/dolibarr

PKSA-zjx2-p78q-wn3y CVE-2023-5842 GHSA-9pjf-jw9q-fx49

Affected version: <16.0.5

Reported by:
GitHub
[MEDIUM] Dolibarr Cross-site Scripting vulnerability

PKSA-5n9n-kh2g-xmcr CVE-2023-5323 GHSA-39m3-cj8c-886r

Affected version: <18.0.0

Reported by:
GitHub
[CRITICAL] Cross Site Scripting vulnerability in Dolibarr ERP CRM

PKSA-88m8-v3s6-zj4m CVE-2023-38888 GHSA-62wf-h26v-5m57

Affected version: <17.0.1

Reported by:
GitHub
[HIGH] File Upload vulnerability in Dolibarr ERP CRM

PKSA-z8ry-v62w-xzbn CVE-2023-38887 GHSA-g8h7-mcp6-pf47

Affected version: <17.0.1

Reported by:
GitHub
[HIGH] Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script

PKSA-bjh3-pcty-gzfv CVE-2023-38886 GHSA-6773-rfjv-c54w

Affected version: <17.0.1

Reported by:
GitHub
[HIGH] Dolibarr vulnerable to remote code execution via uppercase manipulation

PKSA-vjp5-yqyb-hsw9 CVE-2023-30253 GHSA-9wqr-5jp4-mjmh

Affected version: <17.0.1

Reported by:
GitHub
[CRITICAL] Dolibarr vulnerable to privilege escalation

PKSA-v57c-2m1y-xvmj CVE-2022-43138 GHSA-gh7m-j673-wm97

Affected version: <14.0.1

Reported by:
GitHub
[CRITICAL] Dolibarr vulnerable to Eval Injection

PKSA-mbfz-b6r1-yyjp CVE-2022-40871 GHSA-7cm4-vmf2-8wf2

Affected version: <=15.0.3

Reported by:
GitHub
[MEDIUM] Cross site scripting in dolibarr

PKSA-nbwd-xphp-dm3x CVE-2022-2060 GHSA-8fvr-7945-mg7w

Affected version: <16.0

Reported by:
GitHub
[HIGH] SQL Injection in Dolibarr

PKSA-7hyc-8p7w-tx2z CVE-2021-36625 GHSA-vrgp-3ph6-2wwq

Affected version: <14.0.0

Reported by:
GitHub
[HIGH] Access Control vulnerability in Dolibarr

PKSA-9gqb-jpxc-hzdt CVE-2021-37517 GHSA-xw7v-qrhc-jjg2

Affected version: <14.0.1

Reported by:
GitHub
[HIGH] Code injection in dolibarr/dolibarr

PKSA-c6vz-7ss1-46ss CVE-2022-0819 GHSA-42qm-c3cf-9wv2

Affected version: <15.0.1

Reported by:
GitHub
[MEDIUM] Logic error in dolibarr/dolibarr

PKSA-n91r-qpfg-6986 CVE-2022-0746 GHSA-8vq6-5f66-hp3r

Affected version: <16.0

Reported by:
GitHub
[MEDIUM] Improper Authorization in dolibarr/dolibarr

PKSA-grdq-s436-n3jz CVE-2022-0731 GHSA-4xc7-x2jr-cr74

Affected version: <16.0

Reported by:
GitHub
[MEDIUM] Dolibarr vulnerable to Improper Validation of Specified Quantity in Input

PKSA-8bmy-9syy-8jvn CVE-2022-0414 GHSA-f768-8pvq-mm6r

Affected version: <=14.0.5

Reported by:
GitHub
[HIGH] SQL Injection in dolibarr

PKSA-w8dx-f6mj-mt46 CVE-2022-0224 GHSA-j545-frh3-r9gq

Affected version: <=14.0.5

Reported by:
GitHub
[MEDIUM] Logic error in dolibarr

PKSA-sc5b-g3wj-xw57 CVE-2022-0174 GHSA-8qvx-f5gf-g43v

Affected version: <15.0.0

Reported by:
GitHub
[HIGH] Weak Password Recovery Mechanism for Forgotten Password

PKSA-kb2t-w5sd-kvm6 CVE-2021-25957 GHSA-c32w-3cqh-f6jx

Affected version: <14.0.0

Reported by:
GitHub
[MEDIUM] Improper Access Control in Dolibarr

PKSA-kgzg-v22n-v1h7 CVE-2021-25954 GHSA-vxhc-c4qm-647p

Affected version: >=2.8.1,<14.0.0

Reported by:
GitHub

dolibarr/dolibarr Security Advisories for 13.0.x-dev (23)

[HIGH] Dolibarr vulnerable to Cross-Site Request Forgery

[MEDIUM] Dolibarr ERP CRM Code Injection vulnerability during installation

[MEDIUM] Dolibarr Improper Input Validation vulnerability

[HIGH] Dolibarr Improper Input Validation vulnerability

[MEDIUM] Cross-site Scripting (XSS) in dolibarr/dolibarr

[MEDIUM] Dolibarr Cross-site Scripting vulnerability

[CRITICAL] Cross Site Scripting vulnerability in Dolibarr ERP CRM

[HIGH] File Upload vulnerability in Dolibarr ERP CRM

[HIGH] Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script

[HIGH] Dolibarr vulnerable to remote code execution via uppercase manipulation

[CRITICAL] Dolibarr vulnerable to privilege escalation

[CRITICAL] Dolibarr vulnerable to Eval Injection

[MEDIUM] Cross site scripting in dolibarr

[HIGH] SQL Injection in Dolibarr

[HIGH] Access Control vulnerability in Dolibarr

[HIGH] Code injection in dolibarr/dolibarr

[MEDIUM] Logic error in dolibarr/dolibarr

[MEDIUM] Improper Authorization in dolibarr/dolibarr

[MEDIUM] Dolibarr vulnerable to Improper Validation of Specified Quantity in Input

[HIGH] SQL Injection in dolibarr

[MEDIUM] Logic error in dolibarr

[HIGH] Weak Password Recovery Mechanism for Forgotten Password

[MEDIUM] Improper Access Control in Dolibarr