Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.4 views

CVE-2020-7995

The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts...

10CVSS7AI score0.04537EPSS
Exploits4References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2810

Malicious code in bioql PyPI...

8CVSS7.9AI score0.02043EPSS
Exploits2References8
RedhatCVE
RedhatCVE
added 2025/05/22 11:14 p.m.4 views

CVE-2022-22293

admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAINMAXDECIMALSTOT parameter...

5.4CVSS6.6AI score0.00744EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2023/06/13 3:15 p.m.43 views

CVE-2023-33568

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists...

7.5CVSS7.1AI score0.1494EPSS
Exploits2References6
UbuntuCve
UbuntuCve
added 2023/05/29 9:15 p.m.18 views

CVE-2023-30253

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: ?PHP instead of ?php in injected data...

8.8CVSS7.8AI score0.79335EPSS
Exploits16References1
OSV
OSV
added 2022/05/24 4:57 p.m.11 views

GHSA-FVXR-767J-F28V Dolibarr stored Cross-site Scripting vulnerability

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

5.4CVSS5.1AI score0.00782EPSS
Exploits1References3
Veracode
Veracode
added 2022/02/03 6:40 a.m.9 views

Business Logic Flaws

dolibarr has business logic flaws. The vulnerability exists due to a lack of sanitization of values for the Weight, Length x Width x Height, Area, Volume fields of a Product...

4.3CVSS0.9AI score0.00914EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2020/09/02 5:15 p.m.47 views

CVE-2020-14209

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control e.g., to let .noexe files be executed as PHP co...

8.8CVSS9AI score0.27482EPSS
Exploits4References3
Prion
Prion
added 2019/09/27 8:15 p.m.17 views

Cross site scripting

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

3.5CVSS5.1AI score0.00782EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder