Arbitrary File Upload Flaw in Dolibarr ERP CRM Software
CVE-2024-37821

Currently unrated

Key Information:

Vendor: Dolibarr
Status: Dolibarr ERP CRM
Vendor: CVE Published:; 18 June 2024

What is CVE-2024-37821?

An arbitrary file upload vulnerability exists in the Upload Template function of Dolibarr ERP CRM versions up to v19.0.1. This security flaw allows attackers to upload a specially crafted .SQL file, potentially leading to the execution of arbitrary code on the server. Exploiting this vulnerability can compromise sensitive data and disrupt the functionality of the application, emphasizing the need for immediate attention and remediation. Organizations using the affected versions should implement necessary security measures to mitigate risks associated with this vulnerability.

References

http://dolibarr.com

https://github.com/alexbsec/CVEs/blob/master/2024/CVE-202...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2024
Vulnerability Reserved
Jun 10, 2024