Shodan
Vulnerabilities
Vulnerable Software
Dolibarr:  >> Dolibarr Erp/crm  Security Vulnerabilities
CVE-2020-11823
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-04-16
CVE-2020-11825
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-04-16
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-02-16
CVE-2020-7994
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-01-26
CVE-2020-7995
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-01-26
CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-01-26
CVE-2019-19206
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.
CVSS Score
5.4
EPSS Score
0.007
Published
2019-11-26
CVE-2013-2092
Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php.
CVSS Score
6.1
EPSS Score
0.008
Published
2019-11-20
CVE-2013-2093
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.038
Published
2019-11-20
CVE-2013-2091
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-11-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved