2 matches found
CVE-2019-25452 Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extrac...
Linux Distros Unpatched Vulnerability : CVE-2020-11823
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dolibarr 10.0.6, if USERLOGINFAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may lead to stealing of the admin...