GCVE - cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:2.7.1:*:*:*:*:*:*:*

part: a version: 2.7.1 update: *

Vendor	Dolibarr (`63aa6448-b9f1-5072-badf-d5da7e178b3f`)
Product	Dolibarr Erp/Crm (`43fce236-1427-50a7-9efe-8afa61d3c40d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-1225`	vulnerable	2026-06-08 05:00:48.285538	Details available Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. Published: 2012-02-21T00:00:00.000Z Updated: 2024-09-16T19:41:24.884Z Open on db.gcve.eu Reference links http://secunia.com/advisories/47969 http://archives.neohapsis.com/archives/bugtraq/2012-02/0056.html http://www.securityfocus.com/bid/51956 http://osvdb.org/79011	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4814`	vulnerable	2026-06-08 04:59:33.091526	Details available Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php. Published: 2011-12-14T00:00:00.000Z Updated: 2024-08-07T00:16:34.957Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/520619/100/0/threaded https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675 https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_dolibarr.html https://github.com/Dolibarr/dolibarr/commit/63820ab37537fdff842539425b2bf2881f0d8e91 https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4802`	vulnerable	2026-06-08 04:59:33.022610	Details available Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. Published: 2011-12-14T00:00:00.000Z Updated: 2024-08-07T00:16:34.977Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/520619/100/0/threaded http://osvdb.org/77346 http://osvdb.org/77340 https://github.com/Dolibarr/dolibarr/commit/d08d28c0cda1f762a47cc205d4363de03df16675 http://osvdb.org/77341	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.