dolibarr/dolibarr Security Advisories for 3.8.3 (84)
-
[HIGH] Dolibarr ERP CRM vulnerable to remote code execution (RCE)
PKSA-w732-85g1-ybr7 CVE-2024-40137 GHSA-vprp-94p9-5jp8
Affected version: <19.0.2
Reported by:
GitHub -
[HIGH] Dolibarr arbitrary file upload vulnerability
PKSA-wxcq-m2vs-15bs CVE-2024-37821 GHSA-p7r8-7w87-8g46
Affected version: <19.0.2
Reported by:
GitHub -
[MEDIUM] Reflected Cross-Site Scripting (XSS) in Dolibarr
PKSA-yvqp-j6j4-b7nx CVE-2024-34051 GHSA-hv2j-6654-x74q
Affected version: <19.0.2
Reported by:
GitHub -
[CRITICAL] Dolibarr vulnerable to SQL Injection
PKSA-8gyc-931z-kdz6 CVE-2024-5315 GHSA-q8x7-jc3h-p8xc
Affected version: <=9.0.1
Reported by:
GitHub -
[CRITICAL] Dolibarr vulnerable to SQL Injection
PKSA-bczq-s1vj-nqnh CVE-2024-5314 GHSA-c3h9-q3jx-w7fc
Affected version: <=9.0.1
Reported by:
GitHub -
[HIGH] Dolibarr vulnerable to Cross-Site Request Forgery
PKSA-8w8y-vz41-dcws CVE-2024-31503 GHSA-6ppg-rgrg-f573
Affected version: <=19.0.0
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP CRM Code Injection vulnerability during installation
PKSA-2sjx-71hq-ptft CVE-2024-29477 GHSA-p73x-rpgm-3v56
Affected version: <=19.0.0
Reported by:
GitHub -
[HIGH] Dolibarr Improper Input Validation vulnerability
PKSA-q6zm-sspk-cc66 CVE-2023-4197 GHSA-r9cm-pw9j-3fpx
Affected version: <18.0.2
Reported by:
GitHub -
[MEDIUM] Dolibarr Improper Input Validation vulnerability
PKSA-r9vt-swsb-3xhm CVE-2023-4198 GHSA-48v2-596x-4jr9
Affected version: <18.0.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting (XSS) in dolibarr/dolibarr
PKSA-zjx2-p78q-wn3y CVE-2023-5842 GHSA-9pjf-jw9q-fx49
Affected version: <16.0.5
Reported by:
GitHub -
[MEDIUM] Dolibarr Cross-site Scripting vulnerability
PKSA-5n9n-kh2g-xmcr CVE-2023-5323 GHSA-39m3-cj8c-886r
Affected version: <18.0.0
Reported by:
GitHub -
[HIGH] Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
PKSA-bjh3-pcty-gzfv CVE-2023-38886 GHSA-6773-rfjv-c54w
Affected version: <17.0.1
Reported by:
GitHub -
[HIGH] File Upload vulnerability in Dolibarr ERP CRM
PKSA-z8ry-v62w-xzbn CVE-2023-38887 GHSA-g8h7-mcp6-pf47
Affected version: <17.0.1
Reported by:
GitHub -
[CRITICAL] Cross Site Scripting vulnerability in Dolibarr ERP CRM
PKSA-88m8-v3s6-zj4m CVE-2023-38888 GHSA-62wf-h26v-5m57
Affected version: <17.0.1
Reported by:
GitHub -
[HIGH] Dolibarr vulnerable to remote code execution via uppercase manipulation
PKSA-vjp5-yqyb-hsw9 CVE-2023-30253 GHSA-9wqr-5jp4-mjmh
Affected version: <17.0.1
Reported by:
GitHub -
[CRITICAL] Dolibarr vulnerable to privilege escalation
PKSA-v57c-2m1y-xvmj CVE-2022-43138 GHSA-gh7m-j673-wm97
Affected version: <14.0.1
Reported by:
GitHub -
[CRITICAL] Dolibarr vulnerable to Eval Injection
PKSA-mbfz-b6r1-yyjp CVE-2022-40871 GHSA-7cm4-vmf2-8wf2
Affected version: <=15.0.3
Reported by:
GitHub -
[MEDIUM] Cross site scripting in dolibarr
PKSA-nbwd-xphp-dm3x CVE-2022-2060 GHSA-8fvr-7945-mg7w
Affected version: <16.0
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
PKSA-9v1x-ktqz-f9tf CVE-2021-33618 GHSA-fc6h-769x-gff5
Affected version: <=13.0.2
Reported by:
GitHub -
[HIGH] Dolibarr authenticated Remote Code Execution
PKSA-jv4b-mqk9-nw8w CVE-2020-35136 GHSA-7x8g-h246-gvx3
Affected version: <=12.0.3
Reported by:
GitHub -
[HIGH] Dolibarr Unrestricted Upload of File with Dangerous Type
PKSA-bb5n-jk3t-xfxd CVE-2020-14209 GHSA-2gcp-xwxg-hqg3
Affected version: <11.0.5
Reported by:
GitHub -
[MEDIUM] Dolibarr stored Cross-Site Scripting (XSS) vulnerability
PKSA-cxcd-vptr-g7mp CVE-2020-13828 GHSA-8r2w-phx4-mgpv
Affected version: <=11.0.4
Reported by:
GitHub -
[MEDIUM] Dolibarr CRM allows Privilege Escalation
PKSA-s6hs-f6t3-qf3p CVE-2020-14201 GHSA-25h3-mw3p-w8r7
Affected version: <11.0.5
Reported by:
GitHub -
[MEDIUM] Dolibarr reflected cross-site scripting (XSS) vulnerability
PKSA-pndq-94v2-bkzz CVE-2020-14475 GHSA-m396-2x3h-v3v4
Affected version: <11.0.5
Reported by:
GitHub -
[HIGH] Dolibarr SQL injection vulnerability in accountancy/customer/card.php
PKSA-ntpj-nqm8-qyy6 CVE-2020-14443 GHSA-8v7v-6mmm-xjxm
Affected version: <11.0.5
Reported by:
GitHub -
[HIGH] Incorrect Authorization in Dolibarr
PKSA-qn6f-tr2w-4djc CVE-2020-12669 GHSA-rg8m-84jf-9367
Affected version: <12.0.0
Reported by:
GitHub -
[HIGH] Dolibarr Cross-Site Request Forgery Vulnerability
PKSA-w2cr-77jy-3g26 CVE-2020-11825 GHSA-m66x-wm27-xxpc
Affected version: <=10.0.6
Reported by:
GitHub -
[HIGH] Dolibarr ERP and CRM SQLi
PKSA-nx8v-n677-wc1v CVE-2019-19209 GHSA-jh3j-xfv2-f9m9
Affected version: <10.0.3
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
PKSA-c5xb-z1bt-9jfy CVE-2019-19210 GHSA-87r3-4gc8-f897
Affected version: <10.0.3
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
PKSA-g6v4-vq1v-p32t CVE-2019-19211 GHSA-gfhf-2xr5-2fvw
Affected version: <10.0.3
Reported by:
GitHub -
[CRITICAL] Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
PKSA-3wyy-1p2j-yfhf CVE-2019-19212 GHSA-pm57-926c-28mr
Affected version: >=3.0,<=10.0.3
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
PKSA-fhb8-mj38-9kqm CVE-2020-9016 GHSA-jh69-6vv2-wfp5
Affected version: <=11.0.0
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
PKSA-rny5-1t19-1dr3 CVE-2019-19206 GHSA-f6h3-66xr-hqr2
Affected version: <=10.0.3
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM HTML Injection
PKSA-61zb-92w5-rzs3 CVE-2019-17223 GHSA-3264-65pg-5xm4
Affected version: <11.0.1
Reported by:
GitHub -
[HIGH] Dolibarr ERP and CRM malicious executable loading
PKSA-n8dc-7zky-4fhn CVE-2019-11200 GHSA-2rwh-262r-r85j
Affected version: <9.0.3
Reported by:
GitHub -
[HIGH] Dolibarr ERP and CRM Code Injection
PKSA-qtxz-zm3f-h177 CVE-2019-11201 GHSA-jwg3-v9xm-v6q9
Affected version: <=9.0.1
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerabilities
PKSA-xwpw-9pvj-cbzb CVE-2016-1912 GHSA-jh5p-wpg2-8rgv
Affected version: <=3.8.3
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
PKSA-24nf-b1mt-jb72 CVE-2017-7887 GHSA-x2fq-gq6c-hp44
Affected version: <=4.0.4
Reported by:
GitHub -
[CRITICAL] Dolibarr ERP and CRM Insecure Encryption
PKSA-zrzn-23vb-jyzq CVE-2017-7888 GHSA-98vc-98q7-57qf
Affected version: <=4.0.4
Reported by:
GitHub -
[CRITICAL] Dolibarr ERP and CRM SQLi
PKSA-bpt3-29fv-69j8 CVE-2017-9435 GHSA-v3m8-7h3p-6j5m
Affected version: <5.0.3
Reported by:
GitHub -
[HIGH] Dolibarr ERP and CRM Unsafe File Upload Vulnerability
PKSA-g6m9-dzp4-8qsq CVE-2017-9840 GHSA-cwgm-qw8v-hrrg
Affected version: <=5.0.3
Reported by:
GitHub -
[CRITICAL] Dolibarr SQL injection vulnerability in admin/menus/edit.php
PKSA-mdfd-8p2t-8qbz CVE-2017-14238 GHSA-qm8m-7626-762h
Affected version: <6.0.1
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
PKSA-z5k9-fsvp-dz7q CVE-2017-14241 GHSA-h3vg-4x76-v28w
Affected version: <6.0.1
Reported by:
GitHub -
[CRITICAL] Dolibarr SQL injection vulnerability in don/list.php
PKSA-86h6-yvnk-kbq6 CVE-2017-14242 GHSA-jjgq-jq8g-24w4
Affected version: <6.0.1
Reported by:
GitHub -
[HIGH] Dolibarr ERP and CRM Sensitive Data Disclosure
PKSA-whm7-xjwq-kb2d CVE-2017-14240 GHSA-p9wf-x8h5-44fr
Affected version: <=6.0.0
Reported by:
GitHub -
[CRITICAL] Dolibarr SQL injection vulnerability in comm/multiprix.php
PKSA-r8bk-8q9z-vkg1 CVE-2017-17897 GHSA-9v7m-f3cv-68rw
Affected version: <6.0.5
Reported by:
GitHub -
[HIGH] Dolibarr sensitive information disclosure
PKSA-tdry-m1p5-3xc7 CVE-2017-17898 GHSA-jm38-vmgp-j7rx
Affected version: <=6.0.4
Reported by:
GitHub -
[CRITICAL] Dolibarr SQL injection vulnerability in adherents/subscription/info.php
PKSA-b24z-bfjx-16dk CVE-2017-17899 GHSA-7789-v767-37r5
Affected version: <6.0.5
Reported by:
GitHub -
[CRITICAL] Dolibarr SQL injection vulnerability in fourn/index.php
PKSA-81n6-86pq-91n4 CVE-2017-17900 GHSA-6frc-vfw9-wm27
Affected version: <6.0.5
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
PKSA-x93f-p2m2-s25d CVE-2017-17971 GHSA-qjq9-wx5j-jrg6
Affected version: <=6.0.4
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
PKSA-c9k9-bv9h-nfrd CVE-2017-1000509 GHSA-hqfh-p9h7-m6v5
Affected version: <7.0.0
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
PKSA-rws6-d3z4-1xs3 CVE-2017-18259 GHSA-4323-cfj5-98mh
Affected version: <=7.0.0
Reported by:
GitHub -
[HIGH] Dolibarr SQL injection vulnerability
PKSA-3z8s-7dd9-9gxj CVE-2017-18260 GHSA-9986-6m4g-25f6
Affected version: <=7.0.0
Reported by:
GitHub -
[MEDIUM] Dolibarr Cross-Site Scripting (XSS) vulnerability
PKSA-md3q-177s-y5kc CVE-2017-9838 GHSA-726g-cgcq-4xw8
Affected version: <5.0.4
Reported by:
GitHub -
[HIGH] Dolibarr SQL injection via type parameter in product/stats/card.php
PKSA-djxb-2vdh-622y CVE-2017-9839 GHSA-84gh-4m36-cgqx
Affected version: <5.0.4
Reported by:
GitHub -
[MEDIUM] Dolibarr Cross-site scripting (XSS) vulnerability
PKSA-zrxp-ykzp-svgr CVE-2018-10095 GHSA-p2fm-8rhj-58fr
Affected version: <7.0.2
Reported by:
GitHub -
[CRITICAL] Dolibarr SQL injection vulnerability
PKSA-7718-zg2s-2xbg CVE-2018-10094 GHSA-57wj-22w9-wm9r
Affected version: <7.0.2
Reported by:
GitHub -
[MEDIUM] Dolibarr stored cross-site scripting (XSS) vulnerability
PKSA-4ncd-1v8n-t1wc CVE-2018-19995 GHSA-3v8x-286h-9pxp
Affected version: <8.0.4
Reported by:
GitHub -
[MEDIUM] Dolibarr stored cross-site scripting (XSS) vulnerability
PKSA-94x5-5tq8-wmz5 CVE-2018-19992 GHSA-4xfw-599q-fmp6
Affected version: <8.0.4
Reported by:
GitHub -
[MEDIUM] Dolibarr reflected cross-site scripting (XSS) vulnerability
PKSA-x7ch-5v4k-63f1 CVE-2018-19993 GHSA-2gc5-3h3p-8vpf
Affected version: <8.0.4
Reported by:
GitHub -
[HIGH] Dolibarr error-based SQL injection vulnerability in product/card.php
PKSA-ddhn-f1t1-1nzp CVE-2018-19994 GHSA-78hj-952q-99rw
Affected version: <8.0.4
Reported by:
GitHub -
[HIGH] Dolibarr SQL injection vulnerability in user/card.php
PKSA-gc8c-jn24-mfc2 CVE-2018-19998 GHSA-97jv-2hp6-3frj
Affected version: <8.0.4
Reported by:
GitHub -
[MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
PKSA-42j8-qz4b-r131 CVE-2018-19799 GHSA-ggww-q2gv-m3g4
Affected version: <=8.0.3
Reported by:
GitHub -
[MEDIUM] Dolibarr Stored Cross-site Scripting in expensereport/card.php
PKSA-2cxv-fk9r-5bnm CVE-2018-16808 GHSA-r3r5-fqfm-9wrh
Affected version: <=7.0.0
Reported by:
GitHub -
[CRITICAL] Dolibarr SQL injection via the integer parameters qty and value_unit
PKSA-zrs7-fc3k-cxwq CVE-2018-16809 GHSA-h34q-878w-w96r
Affected version: >=3.8,<=7.0.0
Reported by:
GitHub -
[HIGH] Dolibarr arbitrary commands execution
PKSA-j7rz-msb7-k8fy CVE-2018-10092 GHSA-6j62-m2vv-wc3m
Affected version: <7.0.2
Reported by:
GitHub -
[CRITICAL] Dolibarr SQL Injection vulnerability
PKSA-v5d8-c5k4-pc5y CVE-2018-9019 GHSA-fff9-m6f6-q3mh
Affected version: <7.0.2
Reported by:
GitHub -
[HIGH] SQL Injection in Dolibarr
PKSA-7hyc-8p7w-tx2z CVE-2021-36625 GHSA-vrgp-3ph6-2wwq
Affected version: <14.0.0
Reported by:
GitHub -
[HIGH] Access Control vulnerability in Dolibarr
PKSA-9gqb-jpxc-hzdt CVE-2021-37517 GHSA-xw7v-qrhc-jjg2
Affected version: <14.0.1
Reported by:
GitHub -
[HIGH] Code injection in dolibarr/dolibarr
PKSA-c6vz-7ss1-46ss CVE-2022-0819 GHSA-42qm-c3cf-9wv2
Affected version: <15.0.1
Reported by:
GitHub -
[MEDIUM] Logic error in dolibarr/dolibarr
PKSA-n91r-qpfg-6986 CVE-2022-0746 GHSA-8vq6-5f66-hp3r
Affected version: <16.0
Reported by:
GitHub -
[MEDIUM] Improper Authorization in dolibarr/dolibarr
PKSA-grdq-s436-n3jz CVE-2022-0731 GHSA-4xc7-x2jr-cr74
Affected version: <16.0
Reported by:
GitHub -
[MEDIUM] Dolibarr vulnerable to Improper Validation of Specified Quantity in Input
PKSA-8bmy-9syy-8jvn CVE-2022-0414 GHSA-f768-8pvq-mm6r
Affected version: <=14.0.5
Reported by:
GitHub -
[HIGH] SQL Injection in dolibarr
PKSA-w8dx-f6mj-mt46 CVE-2022-0224 GHSA-j545-frh3-r9gq
Affected version: <=14.0.5
Reported by:
GitHub -
[MEDIUM] Logic error in dolibarr
PKSA-sc5b-g3wj-xw57 CVE-2022-0174 GHSA-8qvx-f5gf-g43v
Affected version: <15.0.0
Reported by:
GitHub -
[MEDIUM] Cross site scripting in dolibarr
PKSA-rk5y-hr58-nmpr CVE-2022-22293 GHSA-g5jm-xhwm-9xp9
Affected version: <13.0.0
Reported by:
GitHub -
[MEDIUM] Dolibarr Cross Site Scripting (XSS) vulnerability
PKSA-g9bb-rfmc-9cbr CVE-2021-42220 GHSA-jqfp-m5f8-vg28
Affected version: <14.0.3
Reported by:
GitHub -
[HIGH] Dolibarr vulnerable to Improper Authentication and Improper Access Control
PKSA-9kfk-35mx-vktx CVE-2021-25956 GHSA-fjqg-w8g6-hhq8
Affected version: >=3.3.beta1,<13.0.2
Reported by:
GitHub -
[HIGH] Weak Password Recovery Mechanism for Forgotten Password
PKSA-kb2t-w5sd-kvm6 CVE-2021-25957 GHSA-c32w-3cqh-f6jx
Affected version: <14.0.0
Reported by:
GitHub -
[CRITICAL] Dolibarr Cross-site Scripting vulnerability
PKSA-31hb-rcq2-13kf CVE-2021-25955 GHSA-cpv8-6xgr-rmf6
Affected version: >=2.8.1,<=13.0.2
Reported by:
GitHub -
[MEDIUM] Improper Access Control in Dolibarr
PKSA-kgzg-v22n-v1h7 CVE-2021-25954 GHSA-vxhc-c4qm-647p
Affected version: >=2.8.1,<14.0.0
Reported by:
GitHub -
[MEDIUM] XSS in Dolibarr
PKSA-jr5s-c522-x3zt CVE-2020-13094 GHSA-cxvr-r92m-q9hw
Affected version: <11.0.4
Reported by:
GitHub -
[MEDIUM] XSS in Dolibarr ERP & CRM
PKSA-wmff-7dtj-r9g8 CVE-2020-7996 GHSA-v384-jqmq-fc74
Affected version: <=10.0.6
Reported by:
GitHub -
[MEDIUM] Cross-site scripting in Dolibarr
PKSA-j76p-td9c-253d CVE-2019-16197 GHSA-m553-9wmx-533h
Affected version: <10.0.2
Reported by:
GitHub