
84 matches found

UbuntuCve
added 2026/02/22 2:16 p.m. | 1 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in...

7.5 CVSS | 6 AI score | 0.00054 EPSS
Exploits 1 | References 3
CVE
added 2026/02/22 1:18 p.m. | 7 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains SQL injection vulnerabilities in card.php endpoints (parameters such as actioncode, demand_reason_id, availability_id) that allow authenticated attackers to manipulate queries and extract sensitive data. The flaw enables boolean-based blind, error-based, and time-...

7.5 CVSS | 5.9 AI score | 0.00054 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2026/02/22 1:18 p.m. | 22 views

CVE-2019-25450 Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in...

7.5 CVSS | 0.00054 EPSS
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0756

Malware in sbrugna...

6.1 CVSS | 6.1 AI score | 0.00154 EPSS
Exploits 5 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-2117

Malicious code in bioql PyPI...

7.5 CVSS | 6.7 AI score | 0.00056 EPSS
Exploits 1 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-3314

Malicious code in bioql PyPI...

6.1 CVSS | 6.2 AI score | 0.00199 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2025/09/10 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2019-16685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the Create/modify other users, groups and permissions...

5.4 CVSS | 5.7 AI score | 0.00156 EPSS
Exploits 1 | References 2
RedhatCVE
added 2025/02/18 6:19 p.m. | 9 views

CVE-2025-1356

A vulnerability was found in needyamin Library Card System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file card.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed...

7.5 CVSS | 7.1 AI score | 0.00056 EPSS
Exploits 1 | References 1
Vulnrichment
added 2025/02/16 5:31 p.m. | 10 views

CVE-2025-1356 needyamin Library Card System card.php sql injection

A vulnerability was found in needyamin Library Card System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file card.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed...

6.5 CVSS | 7.1 AI score | 0.00056 EPSS
Exploits 1 | References 4
Veracode
added 2024/06/06 8:38 a.m. | 9 views

Reflected Cross Site Scripting (XSS)

dolibarr/dolibarr is vulnerable to a Reflected Cross-site Scripting (XSS). The vulnerability is due to improper input validation in htdocs/compta/paiement/card.php, allowing remote attackers to inject arbitrary web script or HTML via the facid parameter...

4.6 CVSS | 6.3 AI score | 0.00966 EPSS
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2022/09/12 12:0 a.m. | 1 views

Library Management System SQL injection vulnerability

Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A security vulnerability exists in the idno parameter of the /card/in-card.php file in version 1.0 of the Library Management System, which c...

9.8 CVSS | 8.5 AI score | 0.00264 EPSS
Exploits 1 | References 2
OSV
added 2022/05/24 5:11 p.m. | 24 views

GHSA-GFHF-2XR5-2FVW Dolibarr ERP and CRM contain XSS Vulnerability

Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS...

6.1 CVSS | 6.2 AI score | 0.02101 EPSS
Exploits 1 | References 4
Github Security Blog
added 2022/05/24 5:11 p.m. | 30 views

Dolibarr ERP and CRM contain XSS Vulnerability

Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS...

6.1 CVSS | 6.9 AI score | 0.02101 EPSS
Exploits 1 | References 4 | Affected Software 1
Github Security Blog
added 2022/05/24 4:57 p.m. | 9 views

Dolibarr stored Cross-site Scripting vulnerability

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

5.4 CVSS | 5.9 AI score | 0.00156 EPSS
Exploits 1 | References 3 | Affected Software 1
OSV
added 2022/05/24 4:57 p.m. | 6 views

GHSA-M9Q9-4M25-23GC Dolibarr Cross-site Scripting in a User Profile in a Signature section

Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

5.4 CVSS | 5.2 AI score | 0.00169 EPSS
Exploits 1 | References 3
Github Security Blog
added 2022/05/24 4:50 p.m. | 9 views

Dolibarr Cross Site Scripting (XSS)

Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...

6.1 CVSS | 6.7 AI score | 0.00199 EPSS
Exploits 1 | References 3 | Affected Software 1
OSV
added 2022/05/24 4:50 p.m. | 8 views

GHSA-97FP-5M87-R9MF Dolibarr Cross Site Scripting (XSS)

Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...

6.1 CVSS | 6 AI score | 0.00199 EPSS
Exploits 1 | References 3
Github Security Blog
added 2022/05/17 3:59 a.m. | 18 views

Dolibarr ERP and CRM contain XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php...

5.4 CVSS | 5.7 AI score | 0.00222 EPSS
Exploits 1 | References 7 | Affected Software 1
OSV
added 2022/05/14 3:23 a.m. | 10 views

GHSA-726G-CGCQ-4XW8 Dolibarr Cross-Site Scripting (XSS) vulnerability

Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php leftmenu parameter, core/ajax/box.php PATHINFO, product/stats/card.php type parameter, holiday/list.php monthcreate, monthstart, and monthend parameters, and don/card.ph...

5.4 CVSS | 5.7 AI score | 0.00185 EPSS
Exploits 1 | References 3
Github Security Blog
added 2022/05/14 3:23 a.m. | 11 views

Dolibarr SQL injection via type parameter in product/stats/card.php

Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php type parameter...

8.8 CVSS | 8.2 AI score | 0.00218 EPSS
Exploits 1 | References 3 | Affected Software 1