Product
dolibarr erp/crm
137 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-67486
<= 22.0.2
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and
7.2
HIGH
CVE-2026-31019
<= 22.0.4
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous
8.8
HIGH
CVE-2026-31018
<= 22.0.4
In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consis
8.8
HIGH
CVE-2026-23500
< 23.0.0
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior t
9.1
CRITICAL
CVE-2019-25710
<= 8.0.4
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows a
8.2
HIGH
CVE-2026-22666
< 23.0.2
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard()
7.2
HIGH
CVE-2026-34036
<= 22.0.4
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4
6.5
MEDIUM
CVE-2019-25452
all versions
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allo
7.5
HIGH
CVE-2019-25450
all versions
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database
7.5
HIGH
CVE-2021-47779
all versions
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privile
5.4
MEDIUM
CVE-2025-56588
all versions
Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration
8.8
HIGH
CVE-2024-55228
all versions
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary we
9.0
CRITICAL
CVE-2024-55227
all versions
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitr
9.0
CRITICAL
CVE-2021-3991
< 20.0.2
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissi
4.3
MEDIUM
CVE-2024-37821
< 19.0.2
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execu
8.8
HIGH
CVE-2024-5315
all versions
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remot
9.1
CRITICAL
CVE-2024-5314
all versions
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remot
9.1
CRITICAL
CVE-2024-31503
< 19.0.1
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' ses
7.5
HIGH
CVE-2024-29477
< 19.0.1
Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access
8.8
HIGH
CVE-2024-23817
all versions
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has
7.1
HIGH
CVE-2023-4198
<= 17.0.3
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containi
6.5
MEDIUM
CVE-2023-4197
<= 18.0.1
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a
7.5
HIGH
CVE-2023-5842
< 16.0.5
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
4.8
MEDIUM
CVE-2023-5323
< 18.0
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
6.1
MEDIUM
CVE-2023-38888
<= 17.0.1
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive informatio
9.6
CRITICAL
CVE-2023-38887
<= 17.0.1
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain se
8.8
HIGH
CVE-2023-38886
<= 17.0.1
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted comma
7.2
HIGH
CVE-2023-33568
>= 16.0.0 and < 16.0.5
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire cu
7.5
HIGH
CVE-2023-30253
< 17.0.1
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php
8.8
HIGH
CVE-2022-4093
all versions
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal use
9.8
CRITICAL
CVE-2022-43138
< 14.0.1
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
9.8
CRITICAL
CVE-2022-40871
<= 15.0.3
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page o
9.8
CRITICAL
CVE-2022-2060
< 16.0.0
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
5.4
MEDIUM
CVE-2022-30875
all versions
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.
6.1
MEDIUM
CVE-2021-37517
all versions
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0, in the forgot-password function because
7.5
HIGH
CVE-2021-36625
all versions
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id pa
8.8
HIGH
CVE-2022-0819
< 15.0.1
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.
8.8
HIGH
CVE-2022-0746
< 16.0.0
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.
4.3
MEDIUM
CVE-2022-0731
< 16.0.0
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
6.5
MEDIUM
CVE-2022-0414
< 16.0.0
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.
4.3
MEDIUM
CVE-2022-0224
< 15.0.0
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
9.8
CRITICAL
CVE-2022-0174
< 15.0.0
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
4.3
MEDIUM
CVE-2022-22293
all versions
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.
5.4
MEDIUM
CVE-2021-42220
< 14.0.3
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires th
5.4
MEDIUM
CVE-2021-33816
all versions
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in wh
9.8
CRITICAL
CVE-2021-33618
all versions
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of
6.1
MEDIUM
CVE-2021-25957
>= 2.8.1 and <= 13.0.2
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privil
8.8
HIGH
CVE-2021-25956
all versions
In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user
4.7
MEDIUM
CVE-2021-25955
>= 2.8.1 and <= 13.0.2
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low pri
9.0
CRITICAL
CVE-2021-25954
>= 2.8.1 and <= 13.0.4
In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized
4.3
MEDIUM
CVE-2020-35136
all versions
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manip
7.2
HIGH
CVE-2020-14209
< 11.0.5
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This oc
8.8
HIGH
CVE-2020-13828
all versions
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated at
5.4
MEDIUM
CVE-2020-14201
< 11.0.5
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files
6.5
MEDIUM
CVE-2020-14475
all versions
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or
6.1
MEDIUM
CVE-2020-14443
<= 11.0.3
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arb
8.8
HIGH
CVE-2020-13240
all versions
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to h
5.4
MEDIUM
CVE-2020-13239
all versions
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed fr
5.4
MEDIUM
CVE-2020-13094
< 11.0.4
Dolibarr before 11.0.4 allows XSS.
5.4
MEDIUM
CVE-2020-12669
< 11.0.4
core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a
8.8
HIGH
CVE-2020-11825
all versions
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's sessio
8.8
HIGH
CVE-2020-11823
all versions
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may
5.4
MEDIUM
CVE-2019-19212
>= 3.0.0 and <= 10.0.3
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
9.8
CRITICAL
CVE-2019-19211
>= 3.0.0 and < 10.0.4
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.
6.1
MEDIUM
CVE-2019-19210
>= 3.0.0 and < 10.0.3
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe
5.4
MEDIUM
CVE-2019-19209
>= 3.0.0 and < 10.0.3
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.
7.5
HIGH
CVE-2020-9016
all versions
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
5.4
MEDIUM
CVE-2020-7996
all versions
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
6.1
MEDIUM
CVE-2020-7995
all versions
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
9.8
CRITICAL
CVE-2020-7994
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HT
6.1
MEDIUM
CVE-2019-19206
all versions
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.
5.4
MEDIUM
CVE-2013-2093
all versions
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to
9.8
CRITICAL
CVE-2013-2092
all versions
Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.l
6.1
MEDIUM
CVE-2013-2091
all versions
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' par
9.8
CRITICAL
CVE-2019-17578
all versions
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit U
5.4
MEDIUM
CVE-2019-17577
all versions
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit U
5.4
MEDIUM
CVE-2019-17576
all versions
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit
5.4
MEDIUM
CVE-2019-17223
all versions
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
6.1
MEDIUM
CVE-2019-16688
all versions
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to
5.4
MEDIUM
CVE-2019-16687
all versions
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, gr
5.4
MEDIUM
CVE-2019-16686
all versions
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
5.4
MEDIUM
CVE-2019-16685
all versions
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other
5.4
MEDIUM
CVE-2019-16197
all versions
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain t
6.1
MEDIUM
CVE-2019-15062
all versions
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in
8.0
HIGH
CVE-2019-11201
all versions
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was
8.0
HIGH
CVE-2019-11200
all versions
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the applicat
8.8
HIGH
CVE-2019-11199
all versions
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScri
5.4
MEDIUM
CVE-2019-1010054
all versions
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious HTML to change user password, dis
8.8
HIGH
CVE-2019-1010016
all versions
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/
6.1
MEDIUM
CVE-2018-16809
>= 3.8.0 and <= 7.0.0
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via t
9.8
CRITICAL
CVE-2018-16808
>= 3.8.0 and <= 7.0.0
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via
6.1
MEDIUM
CVE-2018-19998
all versions
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL
8.8
HIGH
CVE-2018-19995
all versions
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web scri
5.4
MEDIUM
CVE-2018-19994
all versions
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to exec
8.8
HIGH
CVE-2018-19993
all versions
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or H
6.1
MEDIUM
CVE-2018-19992
all versions
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web scri
5.4
MEDIUM
CVE-2018-19799
<= 8.0.3
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.
6.1
MEDIUM
CVE-2018-13450
all versions
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL
9.8
CRITICAL
CVE-2018-13449
all versions
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL
9.8
CRITICAL
CVE-2018-13448
all versions
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL
9.8
CRITICAL
CVE-2018-13447
all versions
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL
9.8
CRITICAL
CVE-2018-9019
< 7.0.2
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sor
9.8
CRITICAL
CVE-2018-10095
< 7.0.2
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML v
6.1
MEDIUM
CVE-2018-10094
< 7.0.2
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involvi
9.8
CRITICAL
CVE-2018-10092
< 7.0.2
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for upda
8.0
HIGH
CVE-2017-9839
< 5.0.4
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
8.8
HIGH
CVE-2017-9838
< 5.0.4
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php
5.4
MEDIUM
CVE-2017-18260
<= 7.0.0
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewsta
8.8
HIGH
CVE-2017-18259
<= 7.0.0
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
5.4
MEDIUM
CVE-2017-1000509
all versions
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of java
5.4
MEDIUM
CVE-2017-17971
all versions
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither
6.1
MEDIUM
CVE-2017-17900
all versions
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL
9.8
CRITICAL
CVE-2017-17899
all versions
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execut
9.8
CRITICAL
CVE-2017-17898
all versions
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitiv
7.5
HIGH
CVE-2017-17897
all versions
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary S
9.8
CRITICAL
CVE-2017-14242
all versions
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands vi
9.8
CRITICAL
CVE-2017-14241
all versions
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web scrip
5.4
MEDIUM
CVE-2017-14240
all versions
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter
7.5
HIGH
CVE-2017-14239
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary
5.4
MEDIUM
CVE-2017-14238
all versions
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary
9.8
CRITICAL
CVE-2017-9840
<= 5.0.3
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code
8.8
HIGH
CVE-2017-9435
<= 5.0.2
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
9.8
CRITICAL
CVE-2017-8879
all versions
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proxim
6.8
MEDIUM
CVE-2017-7888
all versions
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
9.8
CRITICAL
CVE-2017-7887
all versions
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
6.1
MEDIUM
CVE-2017-7886
all versions
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
9.8
CRITICAL
CVE-2016-1912
<= 3.8.2
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary
5.4
MEDIUM
CVE-2015-8685
<= 3.8.2
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitra
6.1
MEDIUM
CVE-2015-3935
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web
CVE-2014-7137
<= 3.6.0
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL
CVE-2014-3992
all versions
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL command
CVE-2014-3991
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web scrip
CVE-2012-1226
all versions
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possib
CVE-2012-1225
<= 3.2.0
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitra
CVE-2011-4814
<= 3.1.0
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arb
CVE-2011-4802
<= 3.1.0
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbit
CVE-2011-4329
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin