
dolibarr — Vulnerabilities & Security Advisories (34)

Browse all 34 CVE security advisories affecting dolibarr. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Dolibarr is an open-source Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system used by businesses, foundations and freelancers to manage invoices, inventory and contacts. Its codebase has historically exhibited the vulnerability classes typical of PHP web applications: SQL injection, cross-site scripting and insecure direct object references. The more serious entries are authenticated remote code execution (several of them through the application's eval()-based expression evaluation) and privilege escalation, usually rooted in insufficient input validation or missing access-control checks. The project is actively developed, but the steady accumulation of CVEs catalogued below shows how hard a large, community-driven codebase is to keep secure. Recent patches address critical flaws that allowed unauthorized data access or full system compromise. Operators should apply updates promptly, limit the application's network exposure through segmentation, and treat every authenticated account as part of the attack surface, since several of the high-severity entries below are exploitable by any logged-in user.
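The two vulnerability classes that dominate the table below, SQL injection through a numeric request parameter (CWE-89) and a missing ownership check on the fetched row (CWE-284/CWE-862), usually come from the same few lines of code. The following is an added illustration in Python over an in-memory SQLite database; it is not Dolibarr code and does not reproduce any specific CVE. The `invoice` table, the `company` owner column and the function names are assumptions for the demo, and the sample rows are constructed.

```python
import sqlite3

# Constructed sample data (not Dolibarr's schema): invoices owned by two companies.
SAMPLE_INVOICES = [
    (1, 10, "FA-0001", 120.0),
    (2, 10, "FA-0002", 80.0),
    (3, 20, "FA-0003", 999.0),
]


def make_db():
    """In-memory SQLite database seeded with the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE invoice (rowid INTEGER PRIMARY KEY, company INTEGER, "
        "ref TEXT, amount REAL)"
    )
    db.executemany("INSERT INTO invoice VALUES (?, ?, ?, ?)", SAMPLE_INVOICES)
    return db


def fetch_invoice_vulnerable(db, rowid):
    """The pattern behind a 'SQL injection via rowid parameter' finding
    (illustrative, not Dolibarr code): the request value is concatenated into
    the SQL text, and nothing ties the returned row to the caller."""
    sql = "SELECT rowid, company, ref, amount FROM invoice WHERE rowid = " + str(rowid)
    return db.execute(sql).fetchall()


def fetch_invoice_hardened(db, caller_company, rowid):
    """Coerce the id to int, bind it as a query parameter, and scope the query
    to the caller's company so a valid id owned by someone else returns None."""
    try:
        rid = int(rowid)
    except (TypeError, ValueError):
        raise ValueError("rowid must be an integer") from None
    return db.execute(
        "SELECT rowid, company, ref, amount FROM invoice "
        "WHERE rowid = ? AND company = ?",
        (rid, caller_company),
    ).fetchone()


def rejects(db, caller_company, rowid):
    """True when the hardened accessor refuses the input outright."""
    try:
        fetch_invoice_hardened(db, caller_company, rowid)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Injected boolean: every invoice of every company comes back.
    print(fetch_invoice_vulnerable(db, "1 OR 1=1"))
    # Plain IDOR: company 10 reads company 20's invoice by guessing the id.
    print(fetch_invoice_vulnerable(db, "3"))
    # Hardened: same id, wrong owner -> None; injection attempt -> rejected.
    print(fetch_invoice_hardened(db, 10, "3"))
    print(rejects(db, 10, "1 OR 1=1"))
```

The hardened version fixes both classes at once: `int()` makes the injection impossible to express, the bound parameter keeps the value out of the SQL text even if the type check were later relaxed, and the `company = ?` predicate makes authorization part of the query rather than a check the caller has to remember.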

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-67486 | Dolibarr has an Authenticated Remote Code Execution via eval() injection in user extrafields | dolibarr | CWE-74 | 7.2 (AI) | High (AI) | 2026-05-08 |
| CVE-2026-7689 | Dolibarr ERP CRM Online Signature security.lib.php dol_verifyHash signature verification | ERP CRM | CWE-347 | 3.7 | Low | 2026-05-03 |
| CVE-2026-7688 | Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection | ERP CRM | CWE-89 | 5.0 | Medium | 2026-05-03 |
| CVE-2026-23500 | Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration | dolibarr | CWE-78 | 7.2 (AI) | High (AI) | 2026-04-17 |
| CVE-2019-25710 | Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter | Dolibarr ERP-CRM | CWE-89 | 8.2 | High | 2026-04-12 |
| CVE-2026-22666 | Dolibarr ERP/CRM < 23.0.2 Authenticated RCE via dol_eval_standard() | Dolibarr ERP/CRM | CWE-95 | 7.2 | High | 2026-04-07 |
| CVE-2026-34036 | Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php | dolibarr | CWE-98 | 6.5 | Medium | 2026-03-31 |
| CVE-2019-25452 | Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid | Dolibarr ERP/CRM | CWE-89 | 7.5 | High | 2026-02-22 |
| CVE-2019-25450 | Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php | Dolibarr ERP/CRM | CWE-89 | 7.5 | High | 2026-02-22 |
| CVE-2020-36966 | Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Scripting | Dolibarr | CWE-79 | 6.4 | Medium | 2026-01-30 |
| CVE-2021-47779 | Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation | CRM | CWE-79 | 5.4 | Medium | 2026-01-15 |
| CVE-2021-3991 | Improper Authorization in dolibarr/dolibarr | dolibarr/dolibarr | CWE-285 | 4.3 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2024-5315 | Multiple vulnerabilities in DOLIBARR's ERP CMS | ERP CMS | CWE-89 | 9.1 | Critical | 2024-05-24 |
| CVE-2024-5314 | Multiple vulnerabilities in DOLIBARR's ERP CMS | ERP CMS | CWE-89 | 9.1 | Critical | 2024-05-24 |
| CVE-2024-23817 | Dolibarr Application Home Page HTML injection vulnerability | dolibarr | CWE-79 | 7.1 | High | 2024-01-25 |
| CVE-2023-4198 | Dolibarr ERP CRM (<= 17.0.3) Improper Access Control | Dolibarr ERP CRM | CWE-862 | 6.5 | Medium | 2023-11-01 |
| CVE-2023-4197 | Dolibarr ERP CRM (<= 18.0.1) Improper Input Sanitization Authenticated RCE | Dolibarr ERP CRM | CWE-20 | 7.5 | High | 2023-11-01 |
| CVE-2023-5842 | Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr | dolibarr/dolibarr | CWE-79 | 5.4 | - | 2023-10-30 |
| CVE-2023-5323 | Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr | dolibarr/dolibarr | CWE-79 | 5.4 | - | 2023-10-01 |
| CVE-2022-4093 | SQL Injection in dolibarr/dolibarr | dolibarr/dolibarr | CWE-89 | 9.8 | - | 2022-11-21 |
| CVE-2022-2060 | Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr | dolibarr/dolibarr | CWE-79 | 5.4 | - | 2022-06-13 |
| CVE-2022-0819 | Code Injection in dolibarr/dolibarr | dolibarr/dolibarr | CWE-94 | 8.1 | - | 2022-03-02 |
| CVE-2022-0746 | Business Logic Errors in dolibarr/dolibarr | dolibarr/dolibarr | CWE-840 | 4.3 | - | 2022-02-25 |
| CVE-2022-0731 | Improper Access Control (IDOR) in dolibarr/dolibarr | dolibarr/dolibarr | CWE-284 | 7.1 | - | 2022-02-23 |
| CVE-2022-0414 | Improper Validation of Specified Quantity in Input in dolibarr/dolibarr | dolibarr/dolibarr | CWE-1284 | 4.3 | - | 2022-01-31 |
| CVE-2022-0224 | SQL Injection in dolibarr/dolibarr | dolibarr/dolibarr | CWE-89 | 8.8 | - | 2022-01-14 |
| CVE-2022-0174 | Improper Validation of Specified Quantity in Input in dolibarr/dolibarr | dolibarr/dolibarr | CWE-1284 | 4.3 | Medium | 2022-01-10 |
| CVE-2021-25956 | Improper User Access Control in "Dolibarr" Leads to Account Takeover | dolibarr | CWE-284 | 4.7 | Medium | 2021-08-17 |
| CVE-2021-25957 | Account Takeover in "Dolibarr" via Password Reset Functionality | dolibarr | CWE-640 | 8.8 | High | 2021-08-17 |
| CVE-2021-25955 | Stored XSS in "Dolibarr" leads to privilege escalation | dolibarr | CWE-79 | 9.0 | Critical | 2021-08-15 |

Values marked (AI) carry the source page's AI label on the score and severity; a dash in the Severity column means the source page gives no rating for that entry.

This page lists every published CVE security advisory associated with dolibarr. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.