Dolibarr: >> Dolibarr Erp/crm Security Vulnerabilities
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-11
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-02-09
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-12-29
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-27
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-27
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-12-27
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-12-27
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-05-10
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-05-10
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-05-10