Arbitrary File Upload Flaw in Dolibarr ERP CRM Software
CVE-2024-37821

8.8HIGH

Key Information:

Vendor: Dolibarr
Status: Dolibarr ERP CRM
Vendor: CVE Published:; 18 June 2024

What is CVE-2024-37821?

An arbitrary file upload vulnerability exists in the Upload Template function of Dolibarr ERP CRM versions up to v19.0.1. This security flaw allows attackers to upload a specially crafted .SQL file, potentially leading to the execution of arbitrary code on the server. Exploiting this vulnerability can compromise sensitive data and disrupt the functionality of the application, emphasizing the need for immediate attention and remediation. Organizations using the affected versions should implement necessary security measures to mitigate risks associated with this vulnerability.

References

http://dolibarr.com

https://github.com/alexbsec/CVEs/blob/master/2024/CVE-202...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2024
Vulnerability Reserved
Jun 10, 2024

CVE-2024-37821 Data

JSON