dolibarr

Top products

The 15 most recently published vulnerabilities affecting dolibarr.

• CVE-2026-11619Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization6.3Jun 9, 2026
• CVE-2026-10215Dolibarr ERP CRM Leave Request REST API api_holidays.class.php checkUserAccessToObject improper authorization4.3Jun 1, 2026
• CVE-2026-10154Dolibarr ERP CRM messaging.php authorization4.3May 30, 2026
• CVE-2018-25357Dolibarr ERP CRM 7.0.3 Remote Code Execution via install/step1.php9.8May 23, 2026
• CVE-2025-67486Dolibarr has an Authenticated Remote Code Execution via eval() injection in user extrafields7.2May 8, 2026
• CVE-2026-7689Dolibarr ERP CRM Online Signature security.lib.php dol_verifyHash signature verification3.7May 3, 2026
• CVE-2026-7688Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection5.0May 3, 2026
• CVE-2026-31019In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticate...8.8Apr 21, 2026
• CVE-2026-31018In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user rest...8.8Apr 21, 2026
• CVE-2026-23500Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration9.1Apr 17, 2026
• CVE-2019-25710Dolibarr ERP-CRM 8.0.4 SQL Injection via rowid Parameter8.2Apr 12, 2026
• CVE-2026-22666Dolibarr ERP/CRM < 23.0.2 Authenticated RCE via dol_eval_standard()7.2Apr 7, 2026
• CVE-2026-34036Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php6.5Mar 31, 2026
• CVE-2019-25452Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid7.5Feb 22, 2026
• CVE-2019-25450Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php7.5Feb 22, 2026