Vulnerabilities
Vulnerable Software
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
CVSS Score: 7.5 | EPSS Score: 0.511 | Published: 2023-11-01

Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2023-10-30

Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-10-01

An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
CVSS Score: 7.2 | EPSS Score: 0.504 | Published: 2023-09-20

File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
CVSS Score: 8.8 | EPSS Score: 0.03 | Published: 2023-09-20

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
CVSS Score: 9.6 | EPSS Score: 0.05 | Published: 2023-09-20

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
CVSS Score: 7.5 | EPSS Score: 0.898 | Published: 2023-06-13

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
CVSS Score: 8.8 | EPSS Score: 0.894 | Published: 2023-05-29


Shodan ® - All rights reserved