Known Vulnerabilities for products from Dolibarr

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Dolibarr".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-34036 Not Provided 2026-03-31 2026-03-31
CVE-2022-22293 admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. 5.4 - MEDIUM 2022-01-02 2022-11-17
CVE-2022-0414 Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. 4.3 - MEDIUM 2022-01-31 2023-06-29
CVE-2022-0224 dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command 9.8 - CRITICAL 2022-01-14 2022-11-17
CVE-2022-0174 dolibarr is vulnerable to Business Logic Errors 4.3 - MEDIUM 2022-01-10 2023-08-02
CVE-2021-42220 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 5.4 - MEDIUM 2021-12-15 2021-12-15
CVE-2021-37517 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.5 - HIGH 2022-03-31 2022-04-11
CVE-2021-36625 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.8 - HIGH 2022-03-31 2022-04-11
CVE-2021-33816 The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism ... 9.8 - CRITICAL 2021-11-10 2022-11-17
CVE-2021-33618 Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribu... 6.1 - MEDIUM 2021-11-10 2022-11-17
CVE-2021-25957 In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low p... 8.8 - HIGH 2021-08-17 2021-08-24
CVE-2021-25956 In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other ... 7.2 - HIGH 2021-08-17 2022-11-17
CVE-2021-25955 In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows lo... 9 - CRITICAL 2021-08-15 2022-08-01
CVE-2021-25954 In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unautho... 4.3 - MEDIUM 2021-08-09 2022-10-25
CVE-2020-35136 Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can ... 7.2 - HIGH 2020-12-23 2022-11-17
CVE-2020-14475 A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web scrip... 6.1 - MEDIUM 2020-06-19 2022-11-17
CVE-2020-14443 A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execut... 8.8 - HIGH 2020-06-18 2020-06-24
CVE-2020-14209 Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. Th... 8.8 - HIGH 2020-09-02 2021-03-30
CVE-2020-14201 Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary f... 6.5 - MEDIUM 2020-08-21 2021-07-21
CVE-2020-13828 Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticat... 5.4 - MEDIUM 2020-08-31 2022-11-17
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Dolibarr

Type Vendor Product Version
ApplicationDolibarrDolibarr2.5.0
ApplicationDolibarrDolibarr Erp/crm2.8.1