dolibarr/dolibarr vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the dolibarr/dolibarr package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Improper Authorization

<15.0.0
  • H
SQL Injection

<19.0.2
  • M
Cross-site Scripting

<19.0.2
  • H
SQL Injection

>=0.0.0
  • H
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

>=0.0.0
  • L
Cross-Site Request Forgery (CSRF)

=7.0.0
  • M
Cross-site Scripting (XSS)

<8.0.4
  • M
Cross-site Scripting (XSS)

<6.0.1
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Improper Authentication

>=0.0.0
  • H
Information Exposure

<6.0.5
  • C
SQL Injection

>=0.0.0
  • H
SQL Injection

<8.0.4
  • C
SQL Injection

<6.0.5
  • C
SQL Injection

<6.0.5
  • C
SQL Injection

<6.0.1
  • M
SQL Injection

<7.0.2
  • C
SQL Injection

<6.0.1
  • C
SQL Injection

<6.0.5
  • H
Cross-Site Request Forgery (CSRF)

<19.0.1
  • M
Improper Control of Generation of Code ('Code Injection')

<19.0.1
  • H
Cross-site Scripting (XSS)

>=0.0.0
  • M
Improper Input Validation

>=0.0.0
  • M
Improper Access Control

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

<18.0.0
  • M
Arbitrary File Upload

>=0.0.0
  • C
Remote Code Execution (RCE)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=3.5.0, <3.5.8
  • M
Cross-site Scripting (XSS)

<3.8.4
  • H
Inadequate Encryption Strength

<4.0.5
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • H
Arbitrary File Upload

<5.0.4
  • C
SQL Injection

<5.0.3
  • M
Cross-site Scripting (XSS)

<6.0.5
  • H
Information Exposure

<6.0.1
  • M
Cross-site Scripting (XSS)

<6.0.1
  • M
Cross-site Scripting (XSS)

<=8.0.3
  • M
Access Restriction Bypass

>=16.0.0, <16.0.5
  • H
Arbitrary Command Injection

>=17.0.0
  • H
SQL Injection

>=0.0.0
  • H
Privilege Escalation

<14.0.0
  • H
Arbitrary Code Execution

>=0.0.0
  • L
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • H
SQL Injection

<14.0.0
  • M
Access Control Bypass

<14.0.0
  • H
Arbitrary Code Injection

<15.0.1
  • M
Business Logic Error

>=0.0.0
  • M
Improper Access Control

>=0.0.0
  • M
Business Logic Errors

>=0.0.0
  • H
SQL Injection

<15.0.0
  • L
Business Logic Errors

<15.0.0
  • L
Cross-site Scripting (XSS)

>=0.0.0
  • L
Cross-site Scripting (XSS)

<14.0.3
  • C
Cross-site Scripting (XSS)

<14.0.0
  • C
Arbitrary Code Injection

<14.0.0
  • M
Improper Access Control

<14.0.0
  • H
Improper Authentication

<14.0.0
  • M
Cross-site Scripting (XSS)

>=2.8.1, <14.0.0
  • M
Access Restriction Bypass

>=2.8.1, <14.0.0
  • H
Remote Code Execution (RCE)

<12.0.4
  • C
Arbitrary File Upload

<11.0.5
  • M
Privilege Escalation

<11.0.5
  • M
Cross-site Scripting (XSS)

<9.0.3
  • H
Arbitrary Code Injection

<9.0.3
  • H
Improper Input Validation

<9.0.3
  • H
Cross-site Scripting (XSS)

<12.0.0
  • C
SQL Injection

<12.0.0
  • H
Cross-site Scripting (XSS)

>=0.0.0
  • H
Arbitrary File Upload

>=0.0.0
  • M
Cross-site Scripting (XSS)

<11.0.4
  • H
Improper Access Control

<11.0.4
  • M
Cross-site Request Forgery (CSRF)

>=10.0.6
  • M
Cross-site Scripting (XSS)

>=10.0.6
  • H
SQL Injection

<10.0.3
  • M
Cross-site Scripting (XSS)

<10.0.4
  • M
Cross-site Scripting (XSS)

<10.0.3
  • M
Cross-site Scripting (XSS)

<10.0.3
  • M
Cross-site Scripting (XSS)

<12.0.0
  • M
Cross-site Scripting (XSS)

<11.0.1
  • M
Cross-site Scripting (XSS)

<11.0.1
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • M
Cross-site Scripting (XSS)

<10.0.3
  • M
Cross-site Scripting (XSS)

<10.0.3
  • M
Cross-site Scripting (XSS)

<10.0.3
  • M
Cross-site Scripting (XSS)

<11.0.1
  • M
Cross-site Scripting (XSS)

<10.0.2
  • M
Cross-site Scripting (XSS)

<10.0.2
  • M
Cross-site Scripting (XSS)

>6.0.3, <6.0.5
  • H
Cross-site Scripting (XSS)

>=3.8.0, <7.0.1
  • H
SQL Injection

>=3.8.0, <7.0.1
  • M
Cross-site Scripting (XSS)

<8.0.4
  • H
SQL Injection

<8.0.4
  • M
Cross-site Scripting (XSS)

<8.0.4
  • C
SQL Injection

<7.0.4
  • C
SQL Injection

<7.0.4
  • C
SQL Injection

<7.0.4
  • C
SQL Injection

<7.0.4
  • M
Cross-site Scripting (XSS)

<7.0.2
  • H
Arbitrary Code Execution

<7.0.2
  • C
SQL Injection

<7.0.2
  • M
Cross-site Scripting (XSS)

>=0.0.0
  • H
SQL Injection

>=0.0.0
  • H
SQL Injection

<5.0.4
  • M
Cross-site Scripting (XSS)

<5.0.4
  • M
Cross-site Scripting (XSS)

<7.0.0