Shodan
Vulnerabilities
Vulnerable Software
Dolibarr:  >> Dolibarr Erp/crm  >> 10.0.1  Security Vulnerabilities
CVE-2024-31503
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-17
CVE-2024-29477
Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-04-03
CVE-2023-4198
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-01
CVE-2023-4197
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
CVSS Score
7.5
EPSS Score
0.533
Published
2023-11-01
CVE-2023-5842
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-10-30
CVE-2023-5323
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-10-01
CVE-2023-38886
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
CVSS Score
7.2
EPSS Score
0.504
Published
2023-09-20
CVE-2023-38887
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
CVSS Score
8.8
EPSS Score
0.03
Published
2023-09-20
CVE-2023-38888
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
CVSS Score
9.6
EPSS Score
0.05
Published
2023-09-20
CVE-2023-30253
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
CVSS Score
8.8
EPSS Score
0.892
Published
2023-05-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved