Filtered by vendor Dolibarr
Subscriptions
Filtered by product Dolibarr Erp/crm
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47779 | 1 Dolibarr | 3 Dolibarr, Dolibarr Erp/crm, Dolibarr Erp\/crm | 2026-02-27 | 7.2 High |
| Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation. | ||||
| CVE-2019-25450 | 1 Dolibarr | 2 Dolibarr Erp/crm, Dolibarr Erp\/crm | 2026-02-25 | 7.1 High |
| Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques. | ||||
| CVE-2019-25452 | 1 Dolibarr | 2 Dolibarr Erp/crm, Dolibarr Erp\/crm | 2026-02-25 | 8.2 High |
| Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques. | ||||
| CVE-2012-10059 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp/crm | 2025-11-20 | N/A |
| Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server. | ||||
| CVE-2025-56588 | 1 Dolibarr | 3 Dolibarr, Dolibarr Erp/crm, Dolibarr Erp\/crm | 2025-10-22 | 8.8 High |
| Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter. | ||||
Page 1 of 1.