dolibarr — Vulnerabilities & Security Advisories (31)

Browse all 31 CVE security advisories affecting dolibarr. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23500 | Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration — dolibarr (CWE-78) | 7.2 (AI) | High (AI) | 2026-04-17 |
| CVE-2019-25710 | Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter — Dolibarr ERP-CRM (CWE-89) | 8.2 | High | 2026-04-12 |
| CVE-2026-22666 | Dolibarr ERP/CRM < 23.0.2 Authenticated RCE via dol_eval_standard() — Dolibarr ERP/CRM (CWE-95) | 7.2 | High | 2026-04-07 |
| CVE-2026-34036 | Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php — dolibarr (CWE-98) | 6.5 | Medium | 2026-03-31 |
| CVE-2019-25452 | Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid — Dolibarr ERP/CRM (CWE-89) | 7.5 | High | 2026-02-22 |
| CVE-2019-25450 | Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php — Dolibarr ERP/CRM (CWE-89) | 7.5 | High | 2026-02-22 |
| CVE-2020-36966 | Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Scripting — Dolibarr (CWE-79) | 6.4 | Medium | 2026-01-30 |
| CVE-2021-47779 | Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation — CRM (CWE-79) | 5.4 | Medium | 2026-01-15 |
| CVE-2021-3991 | Improper Authorization in dolibarr/dolibarr — dolibarr/dolibarr (CWE-285) | 4.3 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2024-5315 | Multiple vulnerabilities in DOLIBARR's ERP CMS — ERP CMS (CWE-89) | 9.1 | Critical | 2024-05-24 |
| CVE-2024-5314 | Multiple vulnerabilities in DOLIBARR's ERP CMS — ERP CMS (CWE-89) | 9.1 | Critical | 2024-05-24 |
| CVE-2024-23817 | Dolibarr Application Home Page HTML injection vulnerability — dolibarr (CWE-79) | 7.1 | High | 2024-01-25 |
| CVE-2023-4198 | Dolibarr ERP CRM (<= 17.0.3) Improper Access Control — Dolibarr ERP CRM (CWE-862) | 6.5 | Medium | 2023-11-01 |
| CVE-2023-4197 | Dolibarr ERP CRM (<= 18.0.1) Improper Input Sanitization Authenticated RCE — Dolibarr ERP CRM (CWE-20) | 7.5 | High | 2023-11-01 |
| CVE-2023-5842 | Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr — dolibarr/dolibarr (CWE-79) | 5.4 | - | 2023-10-30 |
| CVE-2023-5323 | Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr — dolibarr/dolibarr (CWE-79) | 5.4 | - | 2023-10-01 |
| CVE-2022-4093 | SQL Injection in dolibarr/dolibarr — dolibarr/dolibarr (CWE-89) | 9.8 | - | 2022-11-21 |
| CVE-2022-2060 | Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr — dolibarr/dolibarr (CWE-79) | 5.4 | - | 2022-06-13 |
| CVE-2022-0819 | Code Injection in dolibarr/dolibarr — dolibarr/dolibarr (CWE-94) | 8.1 | - | 2022-03-02 |
| CVE-2022-0746 | Business Logic Errors in dolibarr/dolibarr — dolibarr/dolibarr (CWE-840) | 4.3 | - | 2022-02-25 |
| CVE-2022-0731 | Improper Access Control (IDOR) in dolibarr/dolibarr — dolibarr/dolibarr (CWE-284) | 7.1 | - | 2022-02-23 |
| CVE-2022-0414 | Improper Validation of Specified Quantity in Input in dolibarr/dolibarr — dolibarr/dolibarr (CWE-1284) | 4.3 | - | 2022-01-31 |
| CVE-2022-0224 | SQL Injection in dolibarr/dolibarr — dolibarr/dolibarr (CWE-89) | 8.8 | - | 2022-01-14 |
| CVE-2022-0174 | Improper Validation of Specified Quantity in Input in dolibarr/dolibarr — dolibarr/dolibarr (CWE-1284) | 4.3 | Medium | 2022-01-10 |
| CVE-2021-25956 | Improper User Access Control in "Dolibarr" Leads to Account Takeover — dolibarr (CWE-284) | 4.7 | Medium | 2021-08-17 |
| CVE-2021-25957 | Account Takeover in "Dolibarr" via Password Reset Functionality — dolibarr (CWE-640) | 8.8 | High | 2021-08-17 |
| CVE-2021-25955 | Stored XSS in “Dolibarr” leads to privilege escalation — dolibarr (CWE-79) | 9.0 | Critical | 2021-08-15 |
| CVE-2021-25954 | Improper Access Control in “Dolibarr” — dolibarr (CWE-284) | 4.3 | Medium | 2021-08-09 |
| CVE-2013-2093 | Dolibarr ERP/CRM Input Validation Error Vulnerability — dolibarr | 9.8 | - | 2019-11-20 |
| CVE-2013-2092 | Dolibarr ERP/CRM Cross-Site Scripting Vulnerability — dolibarr | 6.1 | - | 2019-11-20 |

This page lists every published CVE security advisory associated with dolibarr. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.