Known Vulnerabilities for products from Dolibarr
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Dolibarr".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34036 json | Not Provided | 2026-03-31 | 2026-03-31 | |
| CVE-2026-31019 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-31018 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-23500 json | Not Provided | 2026-04-17 | 2026-04-18 | |
| CVE-2026-22666 json | Not Provided | 2026-04-07 | 2026-04-07 | |
| CVE-2024-23817 json | 6.1 - MEDIUM | 2024-01-25 | 2024-01-31 | |
| CVE-2023-38888 json | Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive infor... | 9.6 - CRITICAL | 2023-09-20 | 2023-09-22 |
| CVE-2023-38887 json | File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obta... | 8.8 - HIGH | 2023-09-20 | 2023-09-22 |
| CVE-2023-38886 json | An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted ... | 7.2 - HIGH | 2023-09-20 | 2023-09-22 |
| CVE-2023-33568 json | An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's enti... | 7.5 - HIGH | 2023-06-13 | 2023-06-23 |
| CVE-2023-30253 json | Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: | 8.8 - HIGH | 2023-05-29 | 2023-06-05 |
| CVE-2023-5842 json | Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. | 4.8 - MEDIUM | 2023-10-30 | 2023-11-07 |
| CVE-2023-5323 json | Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. | 6.1 - MEDIUM | 2023-10-01 | 2023-10-02 |
| CVE-2023-4198 json | Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table con... | 6.5 - MEDIUM | 2023-11-01 | 2023-11-08 |
| CVE-2023-4197 json | Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creati... | 8.8 - HIGH | 2023-11-01 | 2023-11-08 |
| CVE-2022-43138 json | Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. | 9.8 - CRITICAL | 2022-11-17 | 2023-08-08 |
| CVE-2022-40871 json | Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation p... | 9.8 - CRITICAL | 2022-10-12 | 2023-08-08 |
| CVE-2022-30875 json | Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. | 6.1 - MEDIUM | 2022-06-08 | 2023-11-07 |
| CVE-2022-22293 json | admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. | 5.4 - MEDIUM | 2022-01-02 | 2022-11-17 |
| CVE-2022-4093 json | SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or persona... | 9.8 - CRITICAL | 2022-11-21 | 2022-11-23 |
Known software with vulnerabilities from Dolibarr
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Dolibarr | Dolibarr | 10.0.1 |
| Application | Dolibarr | Dolibarr Erp/crm | 2.8.1 |