| CVE-2017-17900 |
critical |
9.8 |
9.8 |
9y ago |
Dolibarr SQL injection vulnerability in fourn/index.php |
|
| CVE-2017-17899 |
critical |
9.8 |
9.8 |
9y ago |
Dolibarr SQL injection vulnerability in adherents/subscription/info.php |
|
| CVE-2017-17897 |
critical |
9.8 |
9.8 |
9y ago |
Dolibarr SQL injection vulnerability in comm/multiprix.php |
|
| CVE-2017-14242 |
critical |
9.8 |
9.8 |
9y ago |
Dolibarr SQL injection vulnerability in don/list.php |
|
| CVE-2017-14238 |
critical |
9.8 |
9.8 |
9y ago |
Dolibarr SQL injection vulnerability in admin/menus/edit.php |
|
| CVE-2017-9435 |
critical |
9.8 |
9.8 |
9y ago |
Dolibarr ERP and CRM SQLi |
|
| CVE-2017-7888 |
critical |
9.8 |
9.8 |
9y ago |
Dolibarr ERP and CRM Insecure Encryption |
|
| CVE-2017-7886 |
critical |
9.8 |
9.8 |
9y ago |
Dolibarr SQL Injection in doli/theme/eldy/style.css.php via the lang parameter |
|
| CVE-2026-23500 |
critical |
9.1 |
9.1 |
1mo ago |
Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration |
|
| CVE-2017-9840 |
high |
8.8 |
8.8 |
9y ago |
Dolibarr ERP and CRM Unsafe File Upload Vulnerability |
|
| CVE-2026-31019 |
high |
— |
8.0 |
1mo ago |
Dolibarr user with permission to edit PHP content can bypass filtering to restrict dangerous PHP functions |
|
| CVE-2017-17898 |
high |
7.5 |
7.5 |
9y ago |
Dolibarr sensitive information disclosure |
|
| CVE-2017-14240 |
high |
7.5 |
7.5 |
9y ago |
Dolibarr ERP and CRM Sensitive Data Disclosure |
|
| CVE-2017-8879 |
medium |
6.8 |
6.8 |
9y ago |
Dolibarr allows password changes without supplying the current password |
|
| CVE-2017-17971 |
medium |
6.1 |
6.1 |
9y ago |
Dolibarr ERP and CRM contain XSS Vulnerability |
|
| CVE-2017-7887 |
medium |
6.1 |
6.1 |
9y ago |
Dolibarr ERP and CRM contain XSS Vulnerability |
|
| CVE-2017-14241 |
medium |
5.4 |
5.4 |
9y ago |
Dolibarr ERP and CRM contain XSS Vulnerability |
|
| CVE-2017-14239 |
medium |
5.4 |
5.4 |
9y ago |
Dolibarr cross-site scripting (XSS) vulnerability |
|
| CVE-2016-1912 |
medium |
5.4 |
5.4 |
11y ago |
Dolibarr ERP and CRM contain XSS Vulnerabilities |
|
| CVE-2026-7688 |
medium |
5.0 |
5.0 |
25d ago |
Dolibarr has an Injection issue |
|
| CVE-2015-3935 |
medium |
— |
4.3 |
11y ago |
Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability |
|
| CVE-2026-7689 |
low |
3.7 |
3.7 |
25d ago |
Dolibarr has Insufficient Verification of Data Authenticity |
|
| CVE-2026-31018 |
unknown |
— |
— |
1mo ago |
Dolibarr Allows Code Injection through its Website Module |
|
| CVE-2019-25710 |
unknown |
— |
— |
2mo ago |
Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php |
|
| CVE-2026-34036 |
unknown |
— |
— |
2mo ago |
Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php |
|
| CVE-2025-56588 |
unknown |
— |
— |
8mo ago |
Dolibarr vulnerable to RCE via the computed field parameter |
|
| CVE-2024-55228 |
unknown |
— |
— |
1y ago |
Dolibarr Cross-site Scripting vulnerability |
|
| CVE-2024-55227 |
unknown |
— |
— |
1y ago |
Dolibarr Cross-site Scripting vulnerability |
|
| CVE-2021-3991 |
unknown |
— |
— |
2y ago |
Improper Authorization in dolibarr/dolibarr |
|
| CVE-2024-40137 |
unknown |
— |
— |
2y ago |
Dolibarr ERP CRM vulnerable to remote code execution (RCE) |
|
| CVE-2024-37821 |
unknown |
— |
— |
2y ago |
Dolibarr arbitrary file upload vulnerability |
|
| CVE-2024-34051 |
unknown |
— |
— |
2y ago |
Reflected Cross-Site Scripting (XSS) in Dolibarr |
|
| CVE-2024-5315 |
unknown |
— |
— |
2y ago |
Dolibarr vulnerable to SQL Injection |
|
| CVE-2024-5314 |
unknown |
— |
— |
2y ago |
Dolibarr vulnerable to SQL Injection |
|
| CVE-2024-23817 |
unknown |
— |
— |
2y ago |
Dolibarr Application Home Page has HTML injection vulnerability |
|
| CVE-2024-31503 |
unknown |
— |
— |
2y ago |
Dolibarr vulnerable to Cross-Site Request Forgery |
|
| CVE-2024-29477 |
unknown |
— |
— |
2y ago |
Dolibarr ERP CRM Code Injection vulnerability during installation |
|
| CVE-2023-4197 |
unknown |
— |
— |
3y ago |
Dolibarr Improper Input Validation vulnerability |
|
| CVE-2023-4198 |
unknown |
— |
— |
3y ago |
Dolibarr Improper Input Validation vulnerability |
|
| CVE-2023-5842 |
unknown |
— |
— |
3y ago |
Cross-site Scripting (XSS) in dolibarr/dolibarr |
|
| CVE-2023-5323 |
unknown |
— |
— |
3y ago |
Dolibarr Cross-site Scripting vulnerability |
|
| CVE-2023-38888 |
unknown |
— |
— |
3y ago |
Cross Site Scripting vulnerability in Dolibarr ERP CRM |
|
| CVE-2023-38887 |
unknown |
— |
— |
3y ago |
File Upload vulnerability in Dolibarr ERP CRM |
|
| CVE-2023-38886 |
unknown |
— |
— |
3y ago |
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script |
|
| CVE-2023-33568 |
unknown |
— |
— |
3y ago |
Dolibarr vulnerable to unauthenticated database access |
|
| CVE-2023-30253 |
unknown |
— |
— |
3y ago |
Dolibarr vulnerable to remote code execution via uppercase manipulation |
|
| CVE-2022-4093 |
unknown |
— |
— |
4y ago |
SQL injection in Dolibarr |
|
| CVE-2022-43138 |
unknown |
— |
— |
4y ago |
Dolibarr vulnerable to privilege escalation |
|
| CVE-2022-40871 |
unknown |
— |
— |
4y ago |
Dolibarr vulnerable to Eval Injection |
|
| CVE-2022-2060 |
unknown |
— |
— |
4y ago |
Cross site scripting in dolibarr |
|
| CVE-2022-30875 |
unknown |
— |
— |
4y ago |
Cross-site Scripting in Dolibarr |
|
| CVE-2021-33816 |
unknown |
— |
— |
4y ago |
Dolibarr remote PHP code execution |
|
| CVE-2021-33618 |
unknown |
— |
— |
4y ago |
Dolibarr ERP and CRM contain XSS Vulnerability |
|
| CVE-2020-35136 |
unknown |
— |
— |
4y ago |
Dolibarr authenticated Remote Code Execution |
|
| CVE-2020-14209 |
unknown |
— |
— |
4y ago |
Dolibarr Unrestricted Upload of File with Dangerous Type |
|
| CVE-2020-13828 |
unknown |
— |
— |
4y ago |
Dolibarr stored Cross-Site Scripting (XSS) vulnerability |
|
| CVE-2020-14201 |
unknown |
— |
— |
4y ago |
Dolibarr CRM allows Privilege Escalation |
|
| CVE-2020-14475 |
unknown |
— |
— |
4y ago |
Dolibarr reflected cross-site scripting (XSS) vulnerability |
|
| CVE-2020-14443 |
unknown |
— |
— |
4y ago |
Dolibarr SQL injection vulnerability in accountancy/customer/card.php |
|
| CVE-2020-13239 |
unknown |
— |
— |
4y ago |
Dolibarr Stored Cross-site Scripting via file upload |
|
| CVE-2020-13240 |
unknown |
— |
— |
4y ago |
Dolibarr Stored Cross-site Scripting |
|
| CVE-2020-12669 |
unknown |
— |
— |
4y ago |
Incorrect Authorization in Dolibarr |
|
| CVE-2020-11825 |
unknown |
— |
— |
4y ago |
Dolibarr Cross-Site Request Forgery Vulnerability |
|
| CVE-2020-11823 |
unknown |
— |
— |
4y ago |
Dolibarr stored Cross-site Scripting vulnerability |
|
| CVE-2019-19211 |
unknown |
— |
— |
4y ago |
Dolibarr ERP and CRM contain XSS Vulnerability |
|
| CVE-2019-19212 |
unknown |
— |
— |
4y ago |
Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php |
|
| CVE-2019-19210 |
unknown |
— |
— |
4y ago |
Dolibarr ERP and CRM contain XSS Vulnerability |
|
| CVE-2019-19209 |
unknown |
— |
— |
4y ago |
Dolibarr ERP and CRM SQLi |
|
| CVE-2020-9016 |
unknown |
— |
— |
4y ago |
Dolibarr ERP and CRM contain XSS Vulnerability |
|
| CVE-2020-7995 |
unknown |
— |
— |
4y ago |
Dolibarr Improper Restriction of Excessive Authentication Attempts |
|
| CVE-2020-7994 |
unknown |
— |
— |
4y ago |
Dolibarr cross-site scripting (XSS) vulnerability |
|
| CVE-2019-19206 |
unknown |
— |
— |
4y ago |
Dolibarr ERP and CRM contain XSS Vulnerability |
|
| CVE-2019-17578 |
unknown |
— |
— |
4y ago |
Dolibarr Cross-site Scripting vulnerability |
|
| CVE-2019-17577 |
unknown |
— |
— |
4y ago |
Dolibarr Cross-site Scripting via outgoing email setup feature |
|
| CVE-2019-17576 |
unknown |
— |
— |
4y ago |
Dolibarr Cross-site Scripting via outgoing email setup feature |
|
| CVE-2019-17223 |
unknown |
— |
— |
4y ago |
Dolibarr ERP and CRM HTML Injection |
|
| CVE-2019-16687 |
unknown |
— |
— |
4y ago |
Dolibarr Cross-site Scripting in a User Profile in a Signature section |
|
| CVE-2019-16685 |
unknown |
— |
— |
4y ago |
Dolibarr stored Cross-site Scripting vulnerability |
|
| CVE-2019-16686 |
unknown |
— |
— |
4y ago |
Dolibarr Cross-site Scripting in a User Note section |
|
| CVE-2019-16688 |
unknown |
— |
— |
4y ago |
Dolibarr stored Cross-site Scripting in an Email Template section |
|
| CVE-2019-15062 |
unknown |
— |
— |
4y ago |
Dolibarr Cross-Site Request Forgery (CSRF) |
|
| CVE-2019-11200 |
unknown |
— |
— |
4y ago |
Dolibarr ERP and CRM malicious executable loading |
|
| CVE-2019-11201 |
unknown |
— |
— |
4y ago |
Dolibarr ERP and CRM Code Injection |
|
| CVE-2019-1010054 |
unknown |
— |
— |
4y ago |
Dolibarr Cross Site Request Forgery (CSRF) |
|
| CVE-2019-1010016 |
unknown |
— |
— |
4y ago |
Dolibarr Cross Site Scripting (XSS) |
|
| CVE-2017-1000509 |
unknown |
— |
— |
4y ago |
Dolibarr ERP and CRM contain XSS Vulnerability |
|
| CVE-2017-9839 |
unknown |
— |
— |
4y ago |
Dolibarr SQL injection via type parameter in product/stats/card.php |
|
| CVE-2017-9838 |
unknown |
— |
— |
4y ago |
Dolibarr Cross-Site Scripting (XSS) vulnerability |
|
| CVE-2017-18260 |
unknown |
— |
— |
4y ago |
Dolibarr SQL injection vulnerability |
|
| CVE-2017-18259 |
unknown |
— |
— |
4y ago |
Dolibarr ERP and CRM contain XSS Vulnerability |
|
| CVE-2018-10095 |
unknown |
— |
— |
4y ago |
Dolibarr Cross-site scripting (XSS) vulnerability |
|
| CVE-2018-10094 |
unknown |
— |
— |
4y ago |
Dolibarr SQL injection vulnerability |
|
| CVE-2018-13448 |
unknown |
— |
— |
4y ago |
Dolibarr SQL injection vulnerability in product/card.php |
|
| CVE-2018-13447 |
unknown |
— |
— |
4y ago |
Dolibarr SQL injection vulnerability in product/card.php |
|
| CVE-2018-13450 |
unknown |
— |
— |
4y ago |
Dolibarr SQL injection vulnerability in product/card.php |
|
| CVE-2018-13449 |
unknown |
— |
— |
4y ago |
Dolibarr SQL injection vulnerability in product/card.php |
|
| CVE-2018-19995 |
unknown |
— |
— |
4y ago |
Dolibarr stored cross-site scripting (XSS) vulnerability |
|
| CVE-2018-19993 |
unknown |
— |
— |
4y ago |
Dolibarr reflected cross-site scripting (XSS) vulnerability |
|
| CVE-2018-19992 |
unknown |
— |
— |
4y ago |
Dolibarr stored cross-site scripting (XSS) vulnerability |
|
| CVE-2018-19994 |
unknown |
— |
— |
4y ago |
Dolibarr error-based SQL injection vulnerability in product/card.php |
|