Dolibarr Dolibarr vulnerabilities

11 known vulnerabilities affecting dolibarr/dolibarr_dolibarr.

Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 8

Vulnerabilities

CVE-2021-3991 | MEDIUM | CVSS 4.3 | ≥ unspecified, < develop | 2024-11-15
CVE-2021-3991 [MEDIUM] CWE-285: An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
cvelistv5, nvd
CVE-2023-5842 | MEDIUM | CVSS 4.8 | ≥ unspecified, < 16.0.5 | 2023-10-30
CVE-2023-5842 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
cvelistv5, nvd
CVE-2023-5323 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 18.0 | 2023-10-01
CVE-2023-5323 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
cvelistv5, nvd
CVE-2022-4093 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 16.0.3 | 2022-11-21
CVE-2022-4093 [CRITICAL] CWE-89: SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor
cvelistv5, nvd
CVE-2022-2060 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 16.0 | 2022-06-13
CVE-2022-2060 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
cvelistv5, nvd
CVE-2022-0819 | HIGH | CVSS 8.8 | ≥ unspecified, < 15.0.1 | 2022-03-02
CVE-2022-0819 [HIGH] CWE-94: Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.
cvelistv5, nvd
CVE-2022-0746 | MEDIUM | CVSS 4.3 | ≥ unspecified, < 16.0 | 2022-02-25
CVE-2022-0746 [MEDIUM] CWE-840: Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.
cvelistv5, nvd
CVE-2022-0731 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 16.0 | 2022-02-23
CVE-2022-0731 [MEDIUM] CWE-284: Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
cvelistv5, nvd
CVE-2022-0414 | MEDIUM | CVSS 4.3 | ≥ unspecified, < 16.0 | 2022-01-31
CVE-2022-0414 [MEDIUM] CWE-1284: Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.
cvelistv5, nvd
CVE-2022-0224 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 14.0.6 | 2022-01-14
CVE-2022-0224 [CRITICAL] CWE-89: dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
cvelistv5, nvd
CVE-2022-0174 | MEDIUM | CVSS 4.3 | ≥ unspecified, < develop | 2022-01-10
CVE-2022-0174 [MEDIUM] CWE-1284: Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
cvelistv5, nvd