GCVE - cpe:2.3:a:dolibarr:dolibarr_erp\/crm:13.0.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:13.0.2:*:*:*:*:*:*:*

part: a version: 13.0.2 update: *

Vendor	Dolibarr (`63aa6448-b9f1-5072-badf-d5da7e178b3f`)
Product	Dolibarr Erp/Crm (`43fce236-1427-50a7-9efe-8afa61d3c40d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-37517`	vulnerable	2026-06-08 05:32:54.310504	Details available An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service. Published: 2022-03-31T18:06:03.000Z Updated: 2024-08-04T01:23:01.232Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/b57eb8284e830e30eefb26e3c5ede076ea24037c	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-36625`	vulnerable	2026-06-08 05:32:52.303869	Details available An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. Published: 2022-03-31T17:50:36.000Z Updated: 2024-08-04T01:01:58.633Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/abb1ad6bf0469eccd2b58beb20bdabc18fc36e22	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-33816`	vulnerable	2026-06-08 05:32:12.513657	Details available The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. Published: 2021-11-10T22:37:21.000Z Updated: 2024-08-03T23:58:23.177Z Open on db.gcve.eu Reference links https://trovent.io/security-advisory-2106-01 https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt http://seclists.org/fulldisclosure/2021/Nov/39	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-33618`	vulnerable	2026-06-08 05:32:11.884868	Details available Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. Published: 2021-11-10T22:40:41.000Z Updated: 2024-08-03T23:58:21.418Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/releases https://trovent.io/security-advisory-2105-02 https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt http://seclists.org/fulldisclosure/2021/Nov/38	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Dolibarr ERP CRM 13.0.2

PURL mappings

Vulnerability references

Contribute