Homepage

dolibarr/dolibarr vulnerabilities

Licenses: GPL-3.0

License

GPL-3.0>=0;
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the dolibarr/dolibarr package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
Arbitrary Code Injection

<21.0.3
  • H
PHP Remote File Inclusion

>=0.0.0
  • M
Improper Authorization

<15.0.0
  • H
SQL Injection

<19.0.2
  • M
Cross-site Scripting

<19.0.2
  • H
SQL Injection

>=0.0.0
  • H
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

>=0.0.0
  • L
Cross-Site Request Forgery (CSRF)

=7.0.0
  • M
Cross-site Scripting (XSS)

<8.0.4
  • M
Cross-site Scripting (XSS)

<6.0.1
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Improper Authentication

>=0.0.0
  • H
Information Exposure

<6.0.5
  • C
SQL Injection

>=0.0.0
  • H
SQL Injection

<8.0.4
  • C
SQL Injection

<6.0.5
  • C
SQL Injection

<6.0.5
  • C
SQL Injection

<6.0.1
  • M
SQL Injection

<7.0.2
  • C
SQL Injection

<6.0.1
  • C
SQL Injection

<6.0.5
  • H
Cross-Site Request Forgery (CSRF)

<19.0.1
  • M
Improper Control of Generation of Code ('Code Injection')

<19.0.1
  • H
Cross-site Scripting (XSS)

>=0.0.0
  • M
Improper Input Validation

>=0.0.0
  • M
Improper Access Control

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

<18.0.0
  • M
Arbitrary File Upload

>=0.0.0
  • C
Remote Code Execution (RCE)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=3.5.0, <3.5.8
  • M
Cross-site Scripting (XSS)

<3.8.4
  • H
Inadequate Encryption Strength

<4.0.5
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • H
Arbitrary File Upload

<5.0.4
  • C
SQL Injection

<5.0.3
  • M
Cross-site Scripting (XSS)

<6.0.5
  • H
Information Exposure

<6.0.1
  • M
Cross-site Scripting (XSS)

<6.0.1
  • M
Cross-site Scripting (XSS)

<=8.0.3
  • M
Access Restriction Bypass

>=16.0.0, <16.0.5
  • H
Arbitrary Command Injection

>=17.0.0
  • H
SQL Injection

>=0.0.0
  • H
Privilege Escalation

<14.0.0
  • H
Arbitrary Code Execution

>=0.0.0
  • L
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • H
SQL Injection

<14.0.0
  • M
Access Control Bypass

<14.0.0
  • H
Arbitrary Code Injection

<15.0.1
  • M
Business Logic Error

>=0.0.0
  • M
Improper Access Control

>=0.0.0
  • M
Business Logic Errors

>=0.0.0
  • H
SQL Injection

<15.0.0
  • L
Business Logic Errors

<15.0.0
  • L
Cross-site Scripting (XSS)

>=0.0.0
  • L
Cross-site Scripting (XSS)

<14.0.3
  • C
Cross-site Scripting (XSS)

<14.0.0
  • C
Arbitrary Code Injection

<14.0.0
  • M
Improper Access Control

<14.0.0
  • H
Improper Authentication

<14.0.0
  • M
Cross-site Scripting (XSS)

>=2.8.1, <14.0.0
  • M
Access Restriction Bypass

>=2.8.1, <14.0.0
  • H
Remote Code Execution (RCE)

<12.0.4
  • C
Arbitrary File Upload

<11.0.5
  • M
Privilege Escalation

<11.0.5
  • M
Cross-site Scripting (XSS)

<9.0.3
  • H
Arbitrary Code Injection

<9.0.3
  • H
Improper Input Validation

<9.0.3
  • H
Cross-site Scripting (XSS)

<12.0.0
  • C
SQL Injection

<12.0.0
  • H
Cross-site Scripting (XSS)

>=0.0.0
  • H
Arbitrary File Upload

>=0.0.0
  • M
Cross-site Scripting (XSS)

<11.0.4
  • H
Improper Access Control

<11.0.4
  • M
Cross-site Request Forgery (CSRF)

>=10.0.6
  • M
Cross-site Scripting (XSS)

>=10.0.6
  • H
SQL Injection

<10.0.3
  • M
Cross-site Scripting (XSS)

<10.0.4
  • M
Cross-site Scripting (XSS)

<10.0.3
  • M
Cross-site Scripting (XSS)

<10.0.3
  • M
Cross-site Scripting (XSS)

<12.0.0
  • M
Cross-site Scripting (XSS)

<11.0.1
  • M
Cross-site Scripting (XSS)

<11.0.1
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

<10.0.3
  • M
Cross-site Scripting (XSS)

<10.0.3
  • M
Cross-site Scripting (XSS)

<10.0.3
  • M
Cross-site Scripting (XSS)

<11.0.1
  • M
Cross-site Scripting (XSS)

<10.0.2
  • M
Cross-site Scripting (XSS)

<10.0.2
  • M
Cross-site Scripting (XSS)

>6.0.3, <6.0.5
  • H
Cross-site Scripting (XSS)

>=3.8.0, <7.0.1
  • H
SQL Injection

>=3.8.0, <7.0.1
  • M
Cross-site Scripting (XSS)

<8.0.4
  • M
Cross-site Scripting (XSS)

<8.0.4
  • H
SQL Injection

<8.0.4
  • C
SQL Injection

<7.0.4
  • C
SQL Injection

<7.0.4
  • C
SQL Injection

<7.0.4
  • C
SQL Injection

<7.0.4
  • M
Cross-site Scripting (XSS)

<7.0.2
  • H
Arbitrary Code Execution

<7.0.2
  • C
SQL Injection

<7.0.2
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • H
SQL Injection

>=0.0.0
  • H
SQL Injection

<5.0.4
  • M
Cross-site Scripting (XSS)

<5.0.4
  • M
Cross-site Scripting (XSS)

<7.0.0