Dolibarr 漏洞列表

Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.

Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.

Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.

Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.

Dolibarr ERP CRM存在命令注入漏洞，该漏洞是由于export.php对用户的请求缺乏验证。

Dolibarr ERP、CRM包中存在代码注入漏洞。该漏洞是由于 Menu editor 模块中 dol_eval 函数对用户的输入数据验证不足导致的。

Dolibarr是一个erp与crm软件，在漏洞收录时在GitHub平台有4.1k+star，在版本 <= 16.0.5存在信息泄漏漏洞。

Dolibarr edit.php 存在远程命令执行漏洞，攻击者通过逻辑漏洞创建管理员后可以通过后台漏洞获取服务器权限