Dolibarr: >> Dolibarr Erp/crm >> 16.0.4 Security Vulnerabilities
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
CVSS Score
9.6
EPSS Score
0.03
Published
2023-09-20
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
CVSS Score
7.5
EPSS Score
0.726
Published
2023-06-13
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
CVSS Score
8.8
EPSS Score
0.881
Published
2023-05-29
Page 2