Shodan
Vulnerabilities
Vulnerable Software
Dolibarr:  >> Dolibarr  >> 3.2.1  Security Vulnerabilities
CVE-2019-19209
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.
CVSS Score
7.5
EPSS Score
0.014
Published
2020-03-16
CVE-2019-19210
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
CVSS Score
5.4
EPSS Score
0.005
Published
2020-03-16
CVE-2019-19211
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.
CVSS Score
6.1
EPSS Score
0.009
Published
2020-03-16
CVE-2018-19799
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.
CVSS Score
6.1
EPSS Score
0.035
Published
2018-12-26
CVE-2018-10092
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
CVSS Score
8.0
EPSS Score
0.004
Published
2018-05-22
CVE-2018-10094
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
CVSS Score
9.8
EPSS Score
0.744
Published
2018-05-22
CVE-2018-10095
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
CVSS Score
6.1
EPSS Score
0.581
Published
2018-05-22
CVE-2018-9019
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.
CVSS Score
9.8
EPSS Score
0.02
Published
2018-05-22
CVE-2017-9840
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-06-25
CVE-2017-9435
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
CVSS Score
9.8
EPSS Score
0.003
Published
2017-06-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved