GCVE - cpe:2.3:a:dolibarr:dolibarr_erp\/crm:8.0.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:8.0.2:*:*:*:*:*:*:*

part: a version: 8.0.2 update: *

Vendor	Dolibarr (`63aa6448-b9f1-5072-badf-d5da7e178b3f`)
Product	Dolibarr Erp/Crm (`43fce236-1427-50a7-9efe-8afa61d3c40d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-19998`	vulnerable	2026-06-08 05:11:16.534129	Details available SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. Published: 2019-01-03T19:00:00.000Z Updated: 2024-08-05T11:51:18.085Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19995`	vulnerable	2026-06-08 05:11:16.533836	Details available A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. Published: 2019-01-03T19:00:00.000Z Updated: 2024-08-05T11:51:17.949Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/4b8be6ed64763327018ac1c076f81ddffa87855e https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19994`	vulnerable	2026-06-08 05:11:16.533530	Details available An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. Published: 2019-01-03T19:00:00.000Z Updated: 2024-08-05T11:51:18.066Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/850b939ffd2c7a4443649331b923d5e0da2d6446	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19993`	vulnerable	2026-06-08 05:11:16.533217	Details available A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. Published: 2019-01-03T19:00:00.000Z Updated: 2024-08-05T11:51:17.967Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/fc3fcc5455d9a610b85723e89e8be43a41ad1378	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19992`	vulnerable	2026-06-08 05:11:16.532742	Details available A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. Published: 2019-01-03T19:00:00.000Z Updated: 2024-08-05T11:51:18.106Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/0f06e39d23636bd1e4039ac61a743c79725c798b	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.