Dolibarr Vulnerabilities

Product

Dolibarr CRM: 24
Dolibarr ERP CRM: 23
Dolibarr ERP: 22

Remediation

Official Fix: 26
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 23

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 1
Unproven: 0
Not Defined: 48

Access Vector

Not Defined: 0
Physical: 1
Local: 0
Adjacent: 2
Network: 46

Authentication

Not Defined: 0
High: 0
Low: 24
None: 25

User Interaction

Not Defined: 0
Required: 16
None: 33

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 2
≤5: 7
≤6: 12
≤7: 9
≤8: 12
≤9: 7
≤10: 0

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 2
≤5: 9
≤6: 12
≤7: 9
≤8: 10
≤9: 7
≤10: 0

VulDB

≤1: 0
≤2: 0
≤3: 0
≤4: 8
≤5: 11
≤6: 9
≤7: 13
≤8: 8
≤9: 0
≤10: 0

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 6
≤7: 12
≤8: 3
≤9: 8
≤10: 12

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 1
≤6: 0
≤7: 1
≤8: 1
≤9: 1
≤10: 0

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Exploit 0-day

<1k: 13
<2k: 28
<5k: 8
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

Exploit Today

<1k: 45
<2k: 4
<5k: 0
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

Affected Products (3): CRM (24), ERP (22), ERP CRM (23)

Published | Base | Temp | Vulnerability | Product | Exploit | Countermeasure | CTI | EPSS | CVE
2023-11-01 | 5.9 | 5.9 | Dolibarr ERP CRM Database Table privilege escalation | Enterprise Resource Planning Software | Not Defined | Official Fix | 0.03 | 0.00049 | CVE-2023-4198
2023-11-01 | 7.1 | 7.1 | Dolibarr ERP CRM privilege escalation | Enterprise Resource Planning Software | Not Defined | Official Fix | 0.00 | 0.00068 | CVE-2023-4197
2023-09-20 | 6.7 | 6.7 | Dolibarr ERP CRM Command Privilege Escalation | Enterprise Resource Planning Software | Not Defined | Not Defined | 0.02 | 0.00160 | CVE-2023-38886
2023-09-20 | 6.5 | 6.5 | Dolibarr ERP CRM REST API Module testSqlAndScriptject cross site scripting | Enterprise Resource Planning Software | Not Defined | Not Defined | 0.02 | 0.00178 | CVE-2023-38888
2023-09-20 | 7.5 | 7.5 | Dolibarr ERP CRM privilege escalation | Enterprise Resource Planning Software | Not Defined | Not Defined | 0.03 | 0.00097 | CVE-2023-38887
2023-05-17 | 7.6 | 7.5 | Dolibarr ERP CRM login sql injection | Enterprise Resource Planning Software | Not Defined | Not Defined | 0.02 | 0.00076 | CVE-2023-27742
2022-10-12 | 6.3 | 6.1 | Dolibarr ERP/CRM Installation Page privilege escalation | Enterprise Resource Planning Software | Not Defined | Not Defined | 0.08 | 0.00252 | CVE-2022-40871
2022-04-01 | 3.5 | 3.4 | Dolibarr ERP/CRM Email Address denial of service | Enterprise Resource Planning Software | Not Defined | Official Fix | 0.00 | 0.00074 | CVE-2021-37517
2022-04-01 | 6.3 | 6.0 | Dolibarr ERP/CRM UPDATE Statement sql injection | Enterprise Resource Planning Software | Not Defined | Official Fix | 0.03 | 0.00087 | CVE-2021-36625
2022-01-14 | 7.3 | 7.1 | Dolibarr ERP SQL Command sql injection | Enterprise Resource Planning Software | Not Defined | Official Fix | 0.00 | 0.00194 | CVE-2022-0224

39 more entries are not shown
