Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2018-25357 |
|
Code Injection in dolibarr/dolibarr (CVE-2018-25357)
code injection in dolibarr/dolibarr (CVE-2018-25357). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.0.8` or later.
|
| CVE-2025-67486 |
|
Vulnerability in dolibarr (CVE-2025-67486)
vulnerability in dolibarr (CVE-2025-67486). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31019 |
|
OS Command Injection in dolibarr (CVE-2026-31019)
OS command injection in dolibarr (CVE-2026-31019). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31018 |
|
Code Injection in dolibarr (CVE-2026-31018)
code injection in dolibarr (CVE-2026-31018). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56588 |
|
Code Injection in dolibarr (CVE-2025-56588)
code injection in dolibarr (CVE-2025-56588). Successful exploitation can lead to full system takeover.
|
| CVE-2024-37821 |
|
Code Injection in dolibarr (CVE-2024-37821)
code injection in dolibarr (CVE-2024-37821). Successful exploitation can lead to full system takeover.
|
| CVE-2024-29477 |
|
Code Injection in dolibarr (CVE-2024-29477)
code injection in dolibarr (CVE-2024-29477). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38888 |
|
Cross-Site Scripting (XSS) in dolibarr (CVE-2023-38888)
cross-site scripting in dolibarr (CVE-2023-38888). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38887 |
|
Unrestricted File Upload in dolibarr (CVE-2023-38887)
vulnerability in dolibarr (CVE-2023-38887). Successful exploitation can lead to full system takeover.
|
| CVE-2023-38886 |
|
OS Command Injection in dolibarr (CVE-2023-38886)
OS command injection in dolibarr (CVE-2023-38886). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17971 |
|
Cross-Site Scripting (XSS) in dolibarr (CVE-2017-17971)
cross-site scripting in dolibarr (CVE-2017-17971). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-17900 |
|
SQL Injection in sqli (CVE-2017-17900)
SQL injection in sqli (CVE-2017-17900). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17899 |
|
SQL Injection in sqli (CVE-2017-17899)
SQL injection in sqli (CVE-2017-17899). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17898 |
|
Information Disclosure in dolibarr (CVE-2017-17898)
vulnerability in dolibarr (CVE-2017-17898). Confidential information can be exposed externally.
|
| CVE-2017-17897 |
|
SQL Injection in sqli (CVE-2017-17897)
SQL injection in sqli (CVE-2017-17897). Successful exploitation can lead to full system takeover.
|
| CVE-2017-8879 |
|
Authentication Bypass in dolibarr (CVE-2017-8879)
authentication bypass in dolibarr (CVE-2017-8879). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7888 |
|
Vulnerability in dolibarr (CVE-2017-7888)
vulnerability in dolibarr (CVE-2017-7888). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7887 |
|
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
|
| CVE-2017-7886 |
|
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
|