GCVE - cpe:2.3:a:dolibarr:dolibarr:6.0.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:dolibarr:dolibarr:6.0.0:*:*:*:*:*:*:*

part: a version: 6.0.0 update: *

Vendor	Dolibarr (`63aa6448-b9f1-5072-badf-d5da7e178b3f`)
Product	Dolibarr (`e1a4d2d9-2452-53d5-8282-d972bebb0801`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:composer/dolibarr/dolibarr`	purl2cpe	2026-06-01 10:11:16.219010
`pkg:github/dolibarr/dolibarr`	purl2cpe	2026-06-01 10:11:16.219011
`pkg:sourceforge/dolibarr`	purl2cpe	2026-06-01 10:11:16.219012

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-14242`	vulnerable	2026-06-08 05:08:49.510934	Details available SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. Published: 2017-09-11T09:00:00.000Z Updated: 2024-08-05T19:20:41.271Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/33e2179b65331d9d9179b59d746817c5be1fecdb	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14241`	vulnerable	2026-06-08 05:08:49.510653	Details available Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. Published: 2017-09-11T09:00:00.000Z Updated: 2024-08-05T19:20:41.254Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14240`	vulnerable	2026-06-08 05:08:49.510379	Details available There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. Published: 2017-09-11T09:00:00.000Z Updated: 2024-08-05T19:20:41.229Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14239`	vulnerable	2026-06-08 05:08:49.510076	Details available Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. Published: 2017-09-11T09:00:00.000Z Updated: 2024-08-05T19:20:41.281Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14238`	vulnerable	2026-06-08 05:08:49.509690	Details available SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. Published: 2017-09-11T09:00:00.000Z Updated: 2024-08-05T19:20:41.316Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.