Dolibarr Dolibarr vulnerabilities
11 known vulnerabilities affecting dolibarr/dolibarr_dolibarr.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 8
Vulnerabilities
CVE-2022-0819 | P2 | HIGH | CVSS 8.8 | CWE-94 | ≥ unspecified, < 15.0.1 | 2022-03-02
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.
nvd
CVE-2022-4093 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | ≥ unspecified, < 16.0.3 | 2022-11-21
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor
nvd
CVE-2022-0224 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | ≥ unspecified, < 14.0.6 | 2022-01-14
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
nvd
CVE-2022-0731 | P4 | MEDIUM | CVSS 6.5 | CWE-284 | ≥ unspecified, < 16.0 | 2022-02-23
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
nvd
CVE-2023-5323 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 18.0 | 2023-10-01
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
nvd
CVE-2022-2060 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 16.0 | 2022-06-13
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
nvd
CVE-2021-3991 | P4 | MEDIUM | CVSS 4.3 | CWE-285 | ≥ unspecified, < develop | 2024-11-15
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
nvd
CVE-2022-0174 | P4 | MEDIUM | CVSS 4.3 | CWE-1284 | ≥ unspecified, < develop | 2022-01-10
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
nvd
CVE-2023-5842 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ unspecified, < 16.0.5 | 2023-10-30
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
nvd
CVE-2022-0414 | P4 | MEDIUM | CVSS 4.3 | CWE-1284 | ≥ unspecified, < 16.0 | 2022-01-31
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.
nvd
CVE-2022-0746 | P4 | MEDIUM | CVSS 4.3 | CWE-840 | ≥ unspecified, < 16.0 | 2022-02-25
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.
nvd