Dolibarr — Vulnerabilities & Security Advisories (34)

Browse all 34 CVE security advisories affecting Dolibarr. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Dolibarr is an open-source Enterprise Resource Planning and Customer Relationship Management system designed for businesses, foundations, and freelancers to manage invoices, inventory, and contacts. Historically, its codebase has exhibited vulnerabilities typical of PHP-based web applications, including SQL injection, cross-site scripting, and insecure direct object references. Notable issues have involved remote code execution and privilege escalation, often stemming from insufficient input validation or improper access control mechanisms. While the project maintains an active development cycle, the accumulation of thirty-three Common Vulnerabilities and Exposures highlights the challenges of securing complex, community-driven software. Recent patches have addressed critical flaws allowing unauthorized data access or system compromise. Users are advised to maintain strict update protocols and implement robust network segmentation to mitigate risks associated with these historically common vulnerability classes within the platform.

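| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-25954 | Improper Access Control in “Dolibarr” — dolibarr (CWE-284) | 4.3 | Medium | 2021-08-09 |
| CVE-2013-2093 | Dolibarr ERP/CRM input validation error vulnerability — dolibarr | 9.8 | - | 2019-11-20 |
| CVE-2013-2092 | Dolibarr ERP/CRM cross-site scripting vulnerability — dolibarr | 6.1 | - | 2019-11-20 |
| CVE-2013-2091 | Dolibarr ERP/CRM SQL injection vulnerability — dolibarr | 9.8 | - | 2019-11-20 |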

This page lists every published CVE security advisory associated with Dolibarr. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.