Dolibarr version 7.00 suffers from a remote SQL injection vulnerability.
8e0d56eb49340ce22784ec902db0841605a953ae0a81a7f285daa3efed1da4bb
This Metasploit module attempts to authenticate to a Dolibarr ERP/CRM's admin web interface, and should only work against version 3.1.1 or older, because these versions do not have any default protections against brute forcing.
d41bf234f652b296f874c2bf38bd949fde590e4df8c3dfc9b189088e55d21615
Dolibarr version 16 < 16.0.5 is vulnerable to a pre-authentication contact database dump. An unauthenticated attacker may retrieve a company’s entire customer file, prospects, suppliers, and potentially employee information if a contact file exists. Both public and private notes are also included in the dump.
95f873cff9c0a7c426150fa238097ed844f4008287fc135b08ecfe388a5fdbdc
This Metasploit module enables an authenticated user to collect the usernames and encrypted passwords of other users in the Dolibarr ERP/CRM via SQL injection.
bf3ca1e9d4350740c01f5818654eeda12704172d96dbfb16f499f0d5e56d58aa
This Metasploit module will extract user credentials from DoliWamp - a WAMP packaged installer distribution for Dolibarr ERP on Windows - versions 3.3.0 to 3.4.2 by hijacking a user's session. DoliWamp stores session tokens in filenames in the tmp directory. A directory traversal vulnerability in jqueryFileTree.php allows unauthenticated users to retrieve session tokens by listing the contents of this directory. Note: All tokens expire after 30 minutes of inactivity by default.
343f39a5e75827ba9aafe33c696a34ec5f95c6a3bec54cae7cab8ff77208bdb4
Dolibarr version 17.0.1 suffers from a persistent cross site scripting vulnerability.
03d90d763595e2fde18d9c8342024adf0cffb037d0c3aa3256b6204747312b19
Dolibarr ERP and CRM version 13.0.2 suffers from a remote code execution vulnerability.
0dd7e4e38cc6c0c22d88da8c1315ae0c0f36dd8f9385afa1c3a2edd42c937216
Dolibarr ERP and CRM version 13.0.2 suffers from a persistent cross site scripting vulnerability.
6afececee15157d0a85c82e9913e53a3fb7f9193f24e64dca4bef906cb032beb
Dolibarr ERP and CRM 14.0.2 suffers from a persistent cross site scripting vulnerability that enables privilege escalation.
166a8c6b493d8615a3ec9dbdabaa45c38426bcb863b2a64ad1c9311702ee137a
Dolibarr ERP/CRM versions 14.0.1 and below suffer from a privilege escalation vulnerability.
0ab1a2b5906577cdab22ccf7d0109094744dc339b81d05909ad21448c8ca34be
Dolibarr ERP/CRM version 10.0.6 login brute forcing exploit.
63a36f93b7d48318d5fd0616171ef949e346e86520318ffb5ac3b55db0707dba
Dolibarr ERP/CRM version 11.0.4 authenticated file upload restrictions bypass exploit that achieves remote code execution.
f58dbb30223078b60e2c591a9796c22c1a7783555278cad42361cd544f71b096
Dolibarr ERP-CRM version 12.0.3 authenticated remote code execution exploit.
a827bbc34db246193bb324317730bae0de4bdce71909665ae77fd9290b6a4169
Dolibarr version 12.0.3 remote SQL injection exploit that achieves remote code execution.
752f6eae60abdb96ea2bf446f22afe9d2446db44df565231549fcd6896d20f74
Dolibarr version 11.0.3 suffers from a cross site scripting vulnerability.
211ed7fe05f4f8e207f45b266bb828638c6e20b43074aa9139888a3ab65eeba3
Dolibarr ERP-CRM version 10.0.1 suffers from a user-agent cross site scripting vulnerability.
0187de9002d59f341d170b546ca8984e4ebf01432ab6172e13141bf0b1e44251
Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.
6826dc0ef459539b9dbd73ad177cbaf6ed9ed2ece658f77e4b7715a8c0b04c36
Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.
bab53fc3d093813545a41360b16744c1c7a3723c574c2a429a2b935572a6e1be
Dolibarr ERP-CRM version 8.0.4 suffers from a remote SQL injection vulnerability.
0cd579c529c4cdfc92e87078188a90d8b1deb7799e498826ff25224d10f7d825
Dolibarr ERP / CRM version 8.0.3 suffers from a cross site scripting vulnerability.
93a597392584cf3b5e1ab2271d1890060f352e5b06b9fab46d705c70d7f46e0d
Dolibarr ERP CRM versions 7.0.3 and below suffer from a remote PHP code injection vulnerability.
fc5142ae39b8819bd3b4adc9a7e85a1e61e619336e7858b6ec007649132d9999
Dolibarr version 7.0.0 suffers from a cross site scripting vulnerability.
235ac208c4e6ce47b7f8c9319764455ad8078d7f3cba65644beb49a223621546
Dolibarr version 7.0.0 suffers from a remote code execution vulnerability.
82e31902b3f4b570ff96cbd6dd7c8550c22738e7abee5cb266781e15aa234753
Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities.
67e466b14aa97ac21950629117eb4c52ee558b2a3430fa6644da1913cbe9299e
Dolibarr CRM versions prior to 3.9.1 suffer from a command injection vulnerability.
72598740c36ce33bbbb05e4e0c1eab2ccda56772b3cadd684a9b6e1a93d60723