Laurent Destailleur

62 exploits, active since Dec 2011
CVE-2021-25956 (MEDIUM)
Dolibarr 3.3.beta1_20121221-13.0.2 - Authenticated Account Takeover via User Login Rename
In the Dolibarr application, versions 3.3.beta1_20121221 to 13.0.2 give admin-level users "Modify" access to change other users' details, but fail to validate that an already existing "Login" name is not reused when renaming a user's "Login". This leads to complete account takeover of the victim user, because the password is overwritten for the victim user that has the same login name.
CVSS 4.7
CVE-2021-25957 (HIGH)
Dolibarr 2.8.1-13.0.2 and <14.0.0 - Account Takeover via Password Reset Link
In the Dolibarr application, versions 2.8.1 to 13.0.2 are vulnerable to account takeover via the password reset functionality. A low-privileged attacker can reset the password of any user in the application using the password reset link that the user received by email after requesting a forgotten-password reset.
CVSS 8.8
CVE-2021-3991 (MEDIUM)
Dolibarr < 15.0.0 and dolibarr_erp/crm < 20.0.2 - Improper Authorization via Direct URL Access
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
CVSS 4.3
CVE-2022-0224 (CRITICAL)
Dolibarr < 15.0.0 - SQL Injection
Dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command (SQL injection).
CVSS 9.8
CVE-2022-0414 (MEDIUM)
Packagist dolibarr/dolibarr <16.0 - Info Disclosure
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.
CVSS 4.3
CVE-2022-0731 (MEDIUM)
Dolibarr < 16.0 - Improper Access Control
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
CVSS 6.5
CVE-2022-0746 (MEDIUM)
dolibarr/dolibarr <16.0 - Info Disclosure
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.
CVSS 4.3
CVE-2022-0819 (HIGH)
Dolibarr < 15.0.1 - Code Injection
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.
CVSS 8.8
CVE-2022-4093 (CRITICAL)
Dolibarr 16.0.1 and 16.0.2 - SQL Injection
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affects 16.0.1 and 16.0.2 only; 16.0.0 or lower and 16.0.3 or higher are not affected.
CVSS 9.8
CVE-2023-4198 (MEDIUM)
Dolibarr ERP CRM < 17.0.3 and < 18.0.0 - Authenticated Improper Access Control
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data.
CVSS 6.5
CVE-2023-5323 (MEDIUM)
Dolibarr < 18.0 - Cross-Site Scripting
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
CVSS 6.1
CVE-2023-5842 (MEDIUM)
Dolibarr < 16.0.5 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
CVSS 4.8