Shodan
Vulnerabilities
Vulnerable Software
Dolibarr:  >> Dolibarr  >> 2.6.0  Security Vulnerabilities
CVE-2021-42220
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-15
CVE-2020-14209
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
CVSS Score
8.8
EPSS Score
0.097
Published
2020-09-02
CVE-2020-14201
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-08-21
CVE-2020-14443
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-06-18
CVE-2020-13094
Dolibarr before 11.0.4 allows XSS.
CVSS Score
5.4
EPSS Score
0.017
Published
2020-05-18
CVE-2020-12669
core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-05-06
CVE-2018-19799
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.
CVSS Score
6.1
EPSS Score
0.035
Published
2018-12-26
CVE-2018-10092
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
CVSS Score
8.0
EPSS Score
0.004
Published
2018-05-22
CVE-2018-10094
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
CVSS Score
9.8
EPSS Score
0.744
Published
2018-05-22
CVE-2018-10095
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
CVSS Score
6.1
EPSS Score
0.581
Published
2018-05-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved