Dolibarr: Security Vulnerabilities
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
CVSS Score
8.8
EPSS Score
0.097
Published
2020-09-02
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-08-31
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-08-21
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).
CVSS Score
6.1
EPSS Score
0.003
Published
2020-06-19
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-06-18
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-05-20
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-05-20
Dolibarr before 11.0.4 allows XSS.
CVSS Score
5.4
EPSS Score
0.017
Published
2020-05-18
core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-05-06
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-04-16