Known Vulnerabilities for Dolibarr ERP/CRM by Dolibarr
Listed below are 10 of the newest known vulnerabilities associated with "Dolibarr ERP/CRM" by "Dolibarr".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34036 json | Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22... | Not Provided | 2026-03-31 | 2026-03-31 |
| CVE-2026-22666 json | Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standa... | Not Provided | 2026-04-07 | 2026-04-07 |
| CVE-2023-38888 json | Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive infor... | 9.6 - CRITICAL | 2023-09-20 | 2023-09-22 |
| CVE-2023-38887 json | File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obta... | 8.8 - HIGH | 2023-09-20 | 2023-09-22 |
| CVE-2023-38886 json | An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted ... | 7.2 - HIGH | 2023-09-20 | 2023-09-22 |
| CVE-2023-33568 json | An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's enti... | 7.5 - HIGH | 2023-06-13 | 2023-06-23 |
| CVE-2023-30253 json | Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: | 8.8 - HIGH | 2023-05-29 | 2023-06-05 |
| CVE-2023-5842 json | Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. | 4.8 - MEDIUM | 2023-10-30 | 2023-11-07 |
| CVE-2023-5323 json | Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. | 6.1 - MEDIUM | 2023-10-01 | 2023-10-02 |
| CVE-2023-4198 json | Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table con... | 6.5 - MEDIUM | 2023-11-01 | 2023-11-08 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dolibarr | Dolibarr Erp/crm | 9.0.3 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 9.0.2 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 9.0.1 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 9.0.0 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 8.0.5 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 8.0.4 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 8.0.3 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 8.0.2 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 8.0.1 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 8.0.0 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 7.0.5 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 7.0.4 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 7.0.3 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 7.0.2 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 7.0.1 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 7.0.0 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 6.0.8 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 6.0.7 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 6.0.6 | |||
| Application | Dolibarr | Dolibarr Erp/crm | 6.0.5 |