Known Vulnerabilities for Dolibarr by Dolibarr
Listed below are 10 of the newest known vulnerabilities associated with "Dolibarr" by "Dolibarr".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34036 | Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22... | Not Provided | 2026-03-31 | 2026-03-31 |
| CVE-2022-22293 | admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. | 5.4 - MEDIUM | 2022-01-02 | 2022-11-17 |
| CVE-2022-0414 | Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0. | 4.3 - MEDIUM | 2022-01-31 | 2023-06-29 |
| CVE-2022-0224 | dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | 9.8 - CRITICAL | 2022-01-14 | 2022-11-17 |
| CVE-2022-0174 | Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. | 4.3 - MEDIUM | 2022-01-10 | 2023-08-02 |
| CVE-2021-33816 | The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism ... | 9.8 - CRITICAL | 2021-11-10 | 2022-11-17 |
| CVE-2021-33618 | Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribu... | 6.1 - MEDIUM | 2021-11-10 | 2022-11-17 |
| CVE-2021-25957 | In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low p... | 8.8 - HIGH | 2021-08-17 | 2021-08-24 |
| CVE-2021-25956 | In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other ... | 7.2 - HIGH | 2021-08-17 | 2022-11-17 |
| CVE-2021-25955 | In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows lo... | 9 - CRITICAL | 2021-08-15 | 2022-08-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dolibarr | Dolibarr | 9.0.5 | All | All | All |
| Application | Dolibarr | Dolibarr | 9.0.1 | All | All | All |
| Application | Dolibarr | Dolibarr | 9.0.0 | All | All | All |
| Application | Dolibarr | Dolibarr | 8.0.4 | All | All | All |
| Application | Dolibarr | Dolibarr | 8.0.3 | All | All | All |
| Application | Dolibarr | Dolibarr | 8.0.2 | All | All | All |
| Application | Dolibarr | Dolibarr | 8.0.1 | All | All | All |
| Application | Dolibarr | Dolibarr | 8.0.0 | All | All | All |
| Application | Dolibarr | Dolibarr | 7.0.5 | All | All | All |
| Application | Dolibarr | Dolibarr | 7.0.4 | All | All | All |
| Application | Dolibarr | Dolibarr | 7.0.3 | All | All | All |
| Application | Dolibarr | Dolibarr | 7.0.2 | All | All | All |
| Application | Dolibarr | Dolibarr | 7.0.1 | All | All | All |
| Application | Dolibarr | Dolibarr | 7.0.0 | All | All | All |
| Application | Dolibarr | Dolibarr | 6.0.8 | All | All | All |
| Application | Dolibarr | Dolibarr | 6.0.7 | All | All | All |
| Application | Dolibarr | Dolibarr | 6.0.6 | All | All | All |
| Application | Dolibarr | Dolibarr | 6.0.5 | All | All | All |
| Application | Dolibarr | Dolibarr | 6.0.4 | All | All | All |
| Application | Dolibarr | Dolibarr | 6.0.3 | All | All | All |