Lucene search
+L

6 matches found

snyk
snyk
added 2025/07/21 7:29 p.m.1 views

PHP Remote File Inclusion

Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to PHP Remote File Inclusion in the perms process of menu creation and editing, where user-supplied input is evaluated without sufficient filtering of...

8.8CVSS7.6AI score
Exploits0References2
osv
osv
added 2025/07/21 7:29 p.m.2 views

GHSA-49XW-HW94-FMV2 Dolibarr has Remote Code Execution Vulnerability (Bypass)

Summary The Dolibarr backend provides the function of adding Menu, and supports setting permissions for the added Menu: This is the trigger point of the vulnerability. The submitted permission can be php code, and it will be executed when viewing the created Menu: - htdocs/admin/menus/edit.php As...

8.8CVSS8.8AI score
Exploits0References4
github
github
added 2025/07/21 7:29 p.m.24 views

Dolibarr has Remote Code Execution Vulnerability (Bypass)

Summary The Dolibarr backend provides the function of adding Menu, and supports setting permissions for the added Menu: This is the trigger point of the vulnerability. The submitted permission can be php code, and it will be executed when viewing the created Menu: - htdocs/admin/menus/edit.php As...

8.8AI score
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2025/07/21 12:0 a.m.8 views

PT-2025-31592 · Packagist · Dolibarr/Dolibarr

Summary The Dolibarr backend provides the function of adding Menu, and supports setting permissions for the added Menu: This is the trigger point of the vulnerability. The submitted permission can be php code, and it will be executed when viewing the created Menu: - htdocs/admin/menus/edit.php As...

8.8CVSS8.8AI score
Exploits0References5
mskb
mskb
added 2018/08/14 7:0 a.m.312 views

Description of the security update for SharePoint Enterprise Server 2016: August 14, 2018

None None...

5.5CVSS6.5AI score0.08247EPSS
Exploits0
drupal
drupal
added 2008/09/24 12:0 a.m.13 views

SA-2008-055 - Stock - Cross site scripting

The stock module provides the ability to query price quotes and trading volumes from various stock markets. An oversight in the menu permissions code allows any user to change the text of the heading at the top of the stock quotes page. As this text is not escaped, it is safe only for an...

6AI score
Exploits0References5
Rows per page
Query Builder