GCVE - cpe:2.3:a:dolibarr:dolibarr_erp_crm:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:dolibarr:dolibarr_erp_crm:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Dolibarr (`63aa6448-b9f1-5072-badf-d5da7e178b3f`)
Product	Dolibarr Erp Crm (`7c17e14f-b10e-57da-a714-9a4d5ce7a0cb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-4198`	vulnerable	2026-06-08 06:16:11.756668	Dolibarr ERP CRM (<= 17.0.3) Improper Access Control MEDIUM (6.5) Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data Published: 2023-11-01T08:01:16.469Z Updated: 2024-09-05T19:56:33.124Z Open on db.gcve.eu Reference links https://starlabs.sg/advisories/23/23-4198 https://github.com/Dolibarr/dolibarr/commit/3065b9ca6ade988e8d7a8a8550415c0abb56b9cb#diff-7d68365a708c954051853ade884c7e97c6ff13150ee92657d6ffc8603e0f947b	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-4197`	vulnerable	2026-06-08 06:16:11.755527	Dolibarr ERP CRM (<= 18.0.1) Improper Input Sanitization Authenticated RCE HIGH (7.5) Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. Published: 2023-11-01T07:58:56.679Z Updated: 2024-09-05T19:57:29.722Z Open on db.gcve.eu Reference links https://starlabs.sg/advisories/23/23-4197 https://github.com/Dolibarr/dolibarr/commit/0ed6a63fb06be88be5a4f8bcdee83185eee4087e	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-25357`	vulnerable	2026-06-08 05:11:29.836400	Dolibarr ERP CRM 7.0.3 Remote Code Execution via install/step1.php CRITICAL (9.8) Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter. Published: 2026-05-23T18:32:14.169Z Updated: 2026-05-26T13:35:57.192Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/44964 https://dolibarr.org https://github.com/Dolibarr/dolibarr https://www.vulncheck.com/advisories/dolibarr-erp-crm-remote-code-evaluation-via-install-step1-php	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.