Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Tag: dolibarr-erpcrm Clear
ID Title
CVE-2018-25357 Code Injection in dolibarr/dolibarr (CVE-2018-25357)
code injection in dolibarr/dolibarr (CVE-2018-25357). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.0.8` or later.
CVE-2025-67486 Vulnerability in dolibarr (CVE-2025-67486)
vulnerability in dolibarr (CVE-2025-67486). Successful exploitation can lead to full system takeover.
CVE-2026-31019 OS Command Injection in dolibarr (CVE-2026-31019)
OS command injection in dolibarr (CVE-2026-31019). Successful exploitation can lead to full system takeover.
CVE-2026-31018 Code Injection in dolibarr (CVE-2026-31018)
code injection in dolibarr (CVE-2026-31018). Successful exploitation can lead to full system takeover.
CVE-2025-56588 Code Injection in dolibarr (CVE-2025-56588)
code injection in dolibarr (CVE-2025-56588). Successful exploitation can lead to full system takeover.
CVE-2024-37821 Code Injection in dolibarr (CVE-2024-37821)
code injection in dolibarr (CVE-2024-37821). Successful exploitation can lead to full system takeover.
CVE-2024-29477 Code Injection in dolibarr (CVE-2024-29477)
code injection in dolibarr (CVE-2024-29477). Successful exploitation can lead to full system takeover.
CVE-2023-38888 Cross-Site Scripting (XSS) in dolibarr (CVE-2023-38888)
cross-site scripting in dolibarr (CVE-2023-38888). Successful exploitation can lead to full system takeover.
CVE-2023-38887 Unrestricted File Upload in dolibarr (CVE-2023-38887)
vulnerability in dolibarr (CVE-2023-38887). Successful exploitation can lead to full system takeover.
CVE-2023-38886 OS Command Injection in dolibarr (CVE-2023-38886)
OS command injection in dolibarr (CVE-2023-38886). Successful exploitation can lead to full system takeover.
CVE-2017-17971 Cross-Site Scripting (XSS) in dolibarr (CVE-2017-17971)
cross-site scripting in dolibarr (CVE-2017-17971). Risk of unauthorized operations or information disclosure.
CVE-2017-17900 SQL Injection in sqli (CVE-2017-17900)
SQL injection in sqli (CVE-2017-17900). Successful exploitation can lead to full system takeover.
CVE-2017-17899 SQL Injection in sqli (CVE-2017-17899)
SQL injection in sqli (CVE-2017-17899). Successful exploitation can lead to full system takeover.
CVE-2017-17898 Information Disclosure in dolibarr (CVE-2017-17898)
vulnerability in dolibarr (CVE-2017-17898). Confidential information can be exposed externally.
CVE-2017-17897 SQL Injection in sqli (CVE-2017-17897)
SQL injection in sqli (CVE-2017-17897). Successful exploitation can lead to full system takeover.
CVE-2017-8879 Authentication Bypass in dolibarr (CVE-2017-8879)
authentication bypass in dolibarr (CVE-2017-8879). Successful exploitation can lead to full system takeover.
CVE-2017-7888 Vulnerability in dolibarr (CVE-2017-7888)
vulnerability in dolibarr (CVE-2017-7888). Successful exploitation can lead to full system takeover.
CVE-2017-7887 Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
CVE-2017-7886 Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →