5 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-36625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 fixed version is 14.0.0 via a POST request to the countryid parameter in an UPDATE statement...
BIT-DOLIBARR-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shellexec are blocked but backticks are not blocked...
CVE-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shellexec are blocked but backticks are not blocked...
PT-2021-20233 · Unknown · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP and CRM version 13.0.2 Description: The issue allows for stored cross-site scripting XSS in the object details of the user-management feature. This can be demonstrated by using and characters in the onpointermove attribute of a...
PT-2021-20331 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 13.0.2 Description: The website builder module in Dolibarr allows remote PHP code execution due to an incomplete protection mechanism. Specifically, while system, exec, and shell exec are blocked, backticks are not blocked,...