In Dolibarr versions prior to 15.0.0, a medium-severity vulnerability, CVE-2021-3991, was found. This vulnerability lets attackers view sensitive reception details by accessing specific URLs without proper permissions. To fix this issue, users are advised to upgrade to version 15.0.0 or above. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2021-3991.
In Dolibarr ERP CRM versions before 19.0.2-php8.2, a high-severity vulnerability, CVE-2024-40137, was detected. A vulnerability in the Computed field parameter of the Users Module Setup in Dolibarr ERP CRM allows remote code execution. It is fixed in version 19.0.2-php8.2 and later. If you can’t update, disable the function, restrict access, enforce strong access controls, monitor activity, conduct a security audit, and use network segmentation to limit movement. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-40137.
In Dolibarr version 19.0.1, a low-severity vulnerability, CVE-2024-37821, was detected. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SQL file. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37821/.
In Dolibarr versions before 19.0.2, a low-severity vulnerability, CVE-2024-34051, was detected. This flaw allows attackers to execute harmful scripts through the “facid” parameter on the payment card page. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34051/.
In Dolibarr version 9.0.1, a critical-severity vulnerability, CVE-2024-5315, was detected. This issue in ERP-CRM could let attackers access database information through a vulnerable parameter. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5315/.
In Dolibarr, a critical security vulnerability, CVE-2024-29477, was detected. This vulnerability allows attackers to access your network and execute malicious code during installation. The issue is resolved in Dolibarr version 19.0.1 or newer. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29477.