Dolibarr ERP CRM 17.0.1

CPE Details

Dolibarr ERP CRM 17.0.1
dolibarr
dolibarr_erp\/crm
17.0.1
2023-12-08
23h30 +00:00
2023-12-08
23h30 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:dolibarr:dolibarr_erp\/crm:17.0.1:*:*:*:*:*:*:*

Informations

Vendor

dolibarr

Product

dolibarr_erp\/crm

Version

17.0.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-3991 2024-11-15 10h52 +00:00 An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
4.3
Moyen
CVE-2024-29477 2024-04-03 00h00 +00:00 Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.
8.8
Haute
CVE-2023-4198 2023-11-01 08h01 +00:00 Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
6.5
Moyen
CVE-2023-4197 2023-11-01 07h58 +00:00 Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
8.8
Haute
CVE-2023-5323 2023-10-01 00h00 +00:00 Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
6.1
Moyen
CVE-2023-38886 2023-09-19 22h00 +00:00 An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
7.2
Haute
CVE-2023-38887 2023-09-19 22h00 +00:00 File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
8.8
Haute
CVE-2023-38888 2023-09-19 22h00 +00:00 Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
9.6
Critique
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.