Dolibarr ERP CRM vulnerable to remote code execution (RCE)
Dolibarr ERP CRM before 19.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder and sortfield in /dolibarr/admin/dict.php.
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters in /dolibarr/commande/list.php.
Observed an HTML Injection vulnerability in the Home page of Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application's response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited …
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.
Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data.
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. …
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code …
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service.
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
Business Logic Errors in Packagist dolibarr/dolibarr.
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
dolibarr is vulnerable to Business Logic Errors
admin/limits.php in Dolibarr allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr via the ticket creation flow. Exploitation requires that an admin copies the payload into a box.
Dolibarr ERP and CRM allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
The website builder module in Dolibarr allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
Dolibarr is vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password.
Admin-level users can change other users' details, but the application fails to validate an already existing login name when renaming a user's "Login". This leads to complete account takeover of the victim user, because the password gets overwritten for the victim user having the same login name.
In the editor module of Dolibarr, scripts are executed in a victim's browser when they open the page containing the vulnerable field. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full account takeover of the admin and, due to another vulnerability (Improper Access Control on Private notes), a …
Dolibarr applications do not restrict, or incorrectly restricts, access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator should have rights to do, the affected field is in the /adherents/note.php?id=1 endpoint.
Dolibarr is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
Dolibarr allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, an .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
Dolibarr is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
Dolibarr CRM allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which disabled is changed to enabled in the HTML source code.
A reflected cross-site scripting (XSS) vulnerability in Dolibarr allows remote attackers to inject arbitrary web script or HTML into public/notice.php.
An SQL injection vulnerability in accountancy/customer/card.php in Dolibarr allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
The DMS/ECM module in Dolibarr allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
The DMS/ECM module in Dolibarr renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. Rendering these files directly may lead to XSS.
Dolibarr is vulnerable to XSS.
core/get_menudiv.php in Dolibarr allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.
In Dolibarr, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools audit page. This may lead to stealing of the admin account.
In Dolibarr, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
Dolibarr ERP/CRM allows SQL Injection.
Dolibarr ERP/CRM allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
Dolibarr ERP/CRM allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
Dolibarr ERP/CRM has an Insufficient Filtering issue that can lead to user/card.php XSS.
Dolibarr allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
The htdocs/index.php?mainmenu=home login page in Dolibarr allows an unlimited rate of failed authentication attempts.
htdocs/user/passwordforgotten.php in Dolibarr allows XSS via the Referer HTTP header.
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to …
Dolibarr CRM/ERP allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.
An issue was discovered in Dolibarr. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the Sender email field.
An issue was discovered in Dolibarr. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields Errors-To in emails sent)" field.
An issue was discovered in Dolibarr. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field.
There is HTML Injection in the Note field in Dolibarr ERP/CRM via user/note.php.
Dolibarr has a stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Dolibarr has a stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)
Dolibarr has a stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Dolibarr has a stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
In htdocs/societe/card.php in Dolibarr, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
An issue was discovered in Dolibarr. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)
Dolibarr is affected by a Cross Site Request Forgery vulnerability.
Dolibarr is affected by Cross Site Scripting (XSS) in htdocs/product/stats/card.php.
An issue was discovered in Dolibarr: expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
An issue was discovered in Dolibarr: there is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
An error-based SQL injection vulnerability in product/card.php in Dolibarr allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
SQL injection vulnerability in user/card.php in Dolibarr allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
A stored cross-site scripting (XSS) vulnerability in Dolibarr allows remote authenticated users to inject arbitrary web script or HTML via the address (POST) or town (POST) parameter to user/card.php.
A stored cross-site scripting (XSS) vulnerability in Dolibarr allows remote authenticated users to inject arbitrary web script or HTML via the address (POST) or town (POST) parameter to adherents/type.php.
A reflected cross-site scripting (XSS) vulnerability in Dolibarr allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
Dolibarr is vulnerable to XSS in /exports/export.php.
SQL injection vulnerability in product/card.php in Dolibarr allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.
An SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM allows remote attackers to execute arbitrary SQL commands via the statut parameter.
SQL injection vulnerability in product/card.php in Dolibarr allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
An SQL injection vulnerability in product/card.php in Dolibarr allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
SQL Injection vulnerability in Dolibarr allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.
An SQL injection vulnerability in Dolibarr allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
A Cross-site scripting (XSS) vulnerability in Dolibarr allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
The admin panel in Dolibarr might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
Dolibarr ERP/CRM is affected by an SQL injection via product/stats/card.php (type parameter).
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting vulnerabilities.
Dolibarr is affected by stored Cross-Site Scripting.
Dolibarr contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
The test_sql_and_script_inject function in htdocs/main blocks some event attributes but does not include onclick or onscroll, which allows XSS.
An SQL injection vulnerability in comm/multiprix allows remote attackers to execute arbitrary SQL commands via the id parameter.
An SQL injection vulnerability in fourn/index allows remote attackers to execute arbitrary SQL commands via the socid parameter.
An SQL injection vulnerability in adherents/subscription/info allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
Dolibarr does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
There is a SQL injection vulnerability in don/list.
Dolibarr contains an SQL injection vulnerability in admin/menus/edit.
There is a sensitive information disclosure vulnerability in Dolibarr.
Multiple cross-site scripting vulnerabilities.
dolibarr is vulnerable to Cross-site scripting.
Dolibarr ERP/CRM allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
Dolibarr ERP/CRM is vulnerable to an SQL injection in user/index.php (search_supervisor and search_statut parameters).
Dolibarr has an SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
Dolibarr ERP/CRM stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
Dolibarr ERP/CRM allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
Dolibarr has an XSS in doli/societe/list.php via the sall parameter.
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM allow remote authenticated users to inject arbitrary web script or HTML via the parameters to htdocs/user/card.php.