Identifier | Related Record | Severity | Date Published | Description | Versions Affected |
---|---|---|---|---|---|
CVE-2024-40137 | BDSA-2024-4699 | | Jul 24, 2024 | Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the ... | 18.0.8, 18.0.7, 18.0.6, 19.0.1, 19.0.0, 18.0.5, 17.0.4, 18.0.4, 18.0.3, 18.0.2 |
CVE-2024-37821 | BDSA-2024-3757 | | Jun 18, 2024 | An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via ... | 18.0.8, 18.0.7, 18.0.6, 19.0.1, 19.0.0, 18.0.5, 17.0.4, 18.0.4, 18.0.3, 18.0.2 |
CVE-2024-34051 | BDSA-2024-3364 | | Jun 03, 2024 | A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to in ... | 18.0.8, 18.0.7, 18.0.6, 19.0.1, 19.0.0, 18.0.5, 17.0.4, 18.0.4, 18.0.3, 18.0.2 |
CVE-2024-31503 | BDSA-2024-1512 | | Apr 17, 2024 | Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF ... | 18.0.8, 18.0.7, 18.0.6, 19.0.0, 18.0.5, 17.0.4, 18.0.4, 18.0.3, 18.0.2, 18.0.1 |
CVE-2024-29477 | BDSA-2024-0906 | High | Apr 03, 2024 | Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to exe ... | 18.0.8, 18.0.7, 18.0.6, 19.0.0, 18.0.5, 17.0.4, 18.0.4, 18.0.3, 18.0.2, 18.0.1 |
CVE-2021-3991 | | Medium | Nov 15, 2024 | An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception ... | 18.0.8, 18.0.7, 19.0.4, 18.0.6, 20.0.1, 20.0.0, 19.0.3, 19.0.2, 19.0.1, 19.0.0 |
BDSA-2025-7221 | | High | Jul 22, 2025 | Dolibarr is vulnerable to file inclusion due to an insufficient blacklist implementation in the menu adding functionality. A remote attacker with the a ... | |
BDSA-2025-0154 | | Low | Jan 13, 2025 | Dolibarr contains a cross-site request forgery (CSRF) vulnerability when the `MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY` feature is turned on. An attacker ... | |
BDSA-2025-0153 | | Low | Jan 13, 2025 | Dolibarr contains a cross-site request forgery (CSRF) vulnerability when the `MAIN_RESTRICTHTML_ONLY_VALID_HTML_TIDY` feature is turned on. An attacker ... | |