Lucene search
+L

2279 matches found

OSV
OSV
added 2026/05/03 10:16 a.m.5 views

UBUNTU-CVE-2026-7689

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS5AI score0.00145EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/03 9:30 a.m.3 views

CVE-2026-7689 Dolibarr ERP CRM Online Signature security.lib.php dol_verifyHash signature verification

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/03 9:30 a.m.3 views

CVE-2026-7689

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/03 9:30 a.m.18 views

EUVD-2026-26827

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References4
CVE
CVE
added 2026/05/03 9:30 a.m.42 views

CVE-2026-7689

Dolibarr ERP/CRM (up to 23.0.2) is affected by a vulnerability in the Online Signature Module versioning, where dol_verifyHash in htdocs/core/lib/security.lib.php mishandles cryptographic signature verification. This allows a remote attacker to potentially leverage a flawed signature check; explo...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 9:30 a.m.60 views

CVE-2026-7689 Dolibarr ERP CRM Online Signature security.lib.php dol_verifyHash signature verification

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS0.00145EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/03 9:15 a.m.7 views

CVE-2026-7688 Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

5CVSS5.5AI score0.00221EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/03 9:15 a.m.5 views

CVE-2026-7688

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

5CVSS5.5AI score0.00221EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/03 9:15 a.m.10 views

EUVD-2026-26826

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

5CVSS5.5AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/03 9:15 a.m.52 views

CVE-2026-7688 Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

5CVSS0.00221EPSS
Exploits0References3
CVE
CVE
added 2026/05/03 9:15 a.m.33 views

CVE-2026-7688

Dolibarr ERP CRM (up to 23.0.2) contains a SQL injection in Shipments API Endpoint, via _checkValForAPI in htdocs/expedition/class/expedition.class.php. The vulnerability allows remote access with high attack complexity and LOW impact on confidentiality/integrity/availability; exploit maturity is...

5CVSS5.5AI score0.00221EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.11 views

Dolibarr ERP CRM 注入漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.2 and earlier had a injection vulnerability. This vulnerability stemmed from the operation of the fields parameter in the checkValForAPI function of the Shipments API...

5CVSS6AI score0.00221EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.11 views

Dolibarr ERP CRM 数据伪造问题漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM prior to 23.0.2 contained a data manipulation vulnerability. This vulnerability stemmed from a function in the Online Signature Module’s htdocs/core/lib/security.lib.php...

6.3CVSS5.7AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.19 views

PT-2026-36693

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

6.3CVSS5.1AI score0.00145EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to syst...

8.8CVSS6.7AI score0.00572EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters,...

8.8CVSS5.7AI score0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 3:32 p.m.13 views

EUVD-2026-24134

In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

8.8CVSS5.8AI score0.00273EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 3:32 p.m.6 views

EUVD-2026-24135

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

8.8CVSS6.8AI score0.00572EPSS
Exploits0References3
OSV
OSV
added 2026/04/21 3:32 p.m.6 views

GHSA-676V-WH57-P375 Dolibarr Allows Code Injection through its Website Module

In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

8.8CVSS5.9AI score0.00273EPSS
Exploits0References6
OSV
OSV
added 2026/04/21 3:32 p.m.5 views

GHSA-J2G9-RPRV-HRHC Dolibarr user with permission to edit PHP content can bypass filtering to restrict dangerous PHP functions

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

8.8CVSS6.7AI score0.00572EPSS
Exploits0References4
Rows per page
Query Builder