Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40871 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-08-08 | N/A | 9.8 CRITICAL |
| Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval. | |||||
| CVE-2022-43138 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-08-08 | N/A | 9.8 CRITICAL |
| Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. | |||||
| CVE-2018-13449 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. | |||||
| CVE-2018-13450 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-09-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. | |||||
| CVE-2018-13448 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2018-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | |||||