CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Dolibarr: >> Dolibarr >> 3.8.3 Security Vulnerabilities

CVE-2018-9019

SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.

CVSS Score

9.8

EPSS Score

0.02

Published

2018-05-22

CVE-2017-9840

Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.

CVSS Score

8.8

EPSS Score

0.007

Published

2017-06-25

CVE-2017-9435

Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).

CVSS Score

9.8

EPSS Score

0.003

Published

2017-06-05

Page 3

Vulnerabilities

Vulnerable Software

Dolibarr: >> Dolibarr >> 3.8.3 Security Vulnerabilities

Products

Pricing

Contact Us