26 matches found
CVE-2025-69634
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user...
EUVD-2022-3706
Malicious code in bioql PyPI...
EUVD-2022-1910
Malicious code in bioql PyPI...
CVE-2019-19206
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...
DynamicPHPCode Filtering Bypass leads to Remote Code Execution
Description The "Websites" module in Dolibarr CRM version 6.0.3 and below has "checkPHPCode" function check to ensure that the page not contains any malicious function. However, this funtion only check by using match word searching, that allows malicious authenticated user can bypass by using...
GHSA-25H3-MW3P-W8R7 Dolibarr CRM allows Privilege Escalation
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...
Dolibarr ERP and CRM contain XSS Vulnerability
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...
GHSA-HQFH-P9H7-M6V5 Dolibarr ERP and CRM contain XSS Vulnerability
Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code. The maintainers state that the issue is fixed in version 7.0.0...
Dolibarr ERP and CRM contain XSS Vulnerability
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS...
CVE-2021-36625
Dolibarr ERP/CRM 13.0.2 is affected by an SQL Injection via a POST to the country_id parameter in an UPDATE statement. The vulnerability is documented as fixed in version 14.0.0. Public details (NVD/NVD-derived references) indicate CVSSv3.1 base score 8.8 (HIGH) with attack vector NETWORK and no ...
CVE-2020-14201
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...
CVE-2020-14201
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...
Privilege escalation
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...
UBUNTU-CVE-2020-14201
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...
CVE-2020-14201
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...
CVE-2019-19206
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...
Cross site scripting
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...
CVE-2019-19206
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...
CVE-2019-19206
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...
CVE-2019-19206
Dolibarr ERP/CRM 10.0.3 is vulnerable to a stored XSS via viewimage.php?file=, caused by JavaScript execution in an SVG image used for a profile picture. This is a cross-site scripting issue documented across multiple sources (CVE-2019-19206). The provided connected documents confirm the affected...