Nixpkgs Security Tracker

Untriaged

Permalink CVE-2013-2091

created 1 month ago

SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers …

SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.

References

https://github.com/Dolibarr/dolibarr/commit/9427e32e2ed54c1a2bc519a88c057207836… x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2013-2091 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/14/3 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/84248 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2013-2091 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/14/3 x_transferred x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/84248 x_transferred x_refsource_MISC
https://github.com/Dolibarr/dolibarr/commit/9427e32e2ed54c1a2bc519a88c057207836… x_transferred x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/84248 x_refsource_MISC
https://github.com/Dolibarr/dolibarr/commit/9427e32e2ed54c1a2bc519a88c057207836… x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2013-2091 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/14/3 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2013-2091 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/14/3 x_transferred x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/84248 x_transferred x_refsource_MISC
https://github.com/Dolibarr/dolibarr/commit/9427e32e2ed54c1a2bc519a88c057207836… x_transferred x_refsource_CONFIRM

Affected products

dolibarr

==3.3.1

Matching in nixpkgs

pkgs.dolibarr

Enterprise resource planning (ERP) and customer relationship manager (CRM) server

nixos-unstable 22.0.4
- nixpkgs-unstable 22.0.4
- nixos-unstable-small 22.0.4
nixos-25.11 22.0.4
- nixos-25.11-small 22.0.4
- nixpkgs-25.11-darwin 22.0.4

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Untriaged

Permalink CVE-2013-2093

created 1 month ago

Dolibarr ERP/CRM 3.3.1 does not properly validate user input in …

Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.

References

http://www.openwall.com/lists/oss-security/2013/05/14/3 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2013-2093 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/84249 x_refsource_MISC
https://github.com/Dolibarr/dolibarr/commit/526a80dd202bbca396687a502d52c27e06e… x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2013-2093 x_transferred x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/84249 x_transferred x_refsource_MISC
https://github.com/Dolibarr/dolibarr/commit/526a80dd202bbca396687a502d52c27e06e… x_transferred x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2013/05/14/3 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/14/3 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2013-2093 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/84249 x_refsource_MISC
https://github.com/Dolibarr/dolibarr/commit/526a80dd202bbca396687a502d52c27e06e… x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2013-2093 x_transferred x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/84249 x_transferred x_refsource_MISC
https://github.com/Dolibarr/dolibarr/commit/526a80dd202bbca396687a502d52c27e06e… x_transferred x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2013/05/14/3 x_transferred x_refsource_MISC

Affected products

dolibarr

==3.3.4-1

Matching in nixpkgs

pkgs.dolibarr

Enterprise resource planning (ERP) and customer relationship manager (CRM) server

nixos-unstable 22.0.4
- nixpkgs-unstable 22.0.4
- nixos-unstable-small 22.0.4
nixos-25.11 22.0.4
- nixos-25.11-small 22.0.4
- nixpkgs-25.11-darwin 22.0.4

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Untriaged

Permalink CVE-2013-2092

created 1 month ago

Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers …

Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php.

References

https://security-tracker.debian.org/tracker/CVE-2013-2092 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/14/3 x_refsource_MISC
https://github.com/Dolibarr/dolibarr/commit/8a90598b23e1b2689848187941f7a96b049… x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2013-2092 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/14/3 x_transferred x_refsource_MISC
https://github.com/Dolibarr/dolibarr/commit/8a90598b23e1b2689848187941f7a96b049… x_transferred x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2013-2092 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/14/3 x_refsource_MISC
https://github.com/Dolibarr/dolibarr/commit/8a90598b23e1b2689848187941f7a96b049… x_refsource_CONFIRM
https://github.com/Dolibarr/dolibarr/commit/8a90598b23e1b2689848187941f7a96b049… x_transferred x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2013-2092 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/14/3 x_transferred x_refsource_MISC

Affected products

dolibarr

==3.3.4-1

Matching in nixpkgs

pkgs.dolibarr

Enterprise resource planning (ERP) and customer relationship manager (CRM) server

nixos-unstable 22.0.4
- nixpkgs-unstable 22.0.4
- nixos-unstable-small 22.0.4
nixos-25.11 22.0.4
- nixos-25.11-small 22.0.4
- nixpkgs-25.11-darwin 22.0.4

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Dismissed

Permalink CVE-2020-36966

6.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 3 weeks ago
@LeSuisse dismissed 1 month, 2 weeks ago

Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Scripting

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary JavaScript and potentially steal user cookie information.

References

ExploitDB-48504 exploit
Official Dolibarr Product Homepage product
VulnCheck Advisory: Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Scripting third-party-advisory

Affected products

Dolibarr

=<11.0.3

Matching in nixpkgs

pkgs.dolibarr

Enterprise resource planning (ERP) and customer relationship manager (CRM) server

nixos-unstable 22.0.2
- nixpkgs-unstable 22.0.2
- nixos-unstable-small 22.0.2

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Current stable was never impacted

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.dolibarr

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.dolibarr

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.dolibarr

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.dolibarr

Package maintainers