Dolibarr is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
Dolibarr allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, an .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
Dolibarr is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
Dolibarr CRM allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which disabled is changed to enabled in the HTML source code.
A reflected cross-site scripting (XSS) vulnerability in Dolibarr allows remote attackers to inject arbitrary web script or HTML into public/notice.php.
An SQL injection vulnerability in accountancy/customer/card.php in Dolibarr allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
The DMS/ECM module in Dolibarr allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
The DMS/ECM module in Dolibarr renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. Rendering these files directly, may lead to XSS.
Dolibarr is vulnerable to XSS.
core/get_menudiv.php in Dolibarr allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.
In Dolibarr, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools audit page. This may lead to stealing of the admin account.
In Dolibarr, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
Dolibarr ERP/CRM allows SQL Injection.
Dolibarr ERP/CRM allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
Dolibarr ERP/CRM allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
Dolibarr ERP/CRM has an Insufficient Filtering issue that can lead to user/card.php XSS.
Dolibarr allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
The htdocs/index.php?mainmenu=home login page in Dolibarr allows an unlimited rate of failed authentication attempts.
htdocs/user/passwordforgotten.php in Dolibarr allows XSS via the Referer HTTP header.
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to …