Dolibarr ERP - CRM Vulnerabilities Allow SQL Injection
CVE-2024-5315

9.1CRITICAL

Key Information:

Vendor: Dolibarr
Status: Erp Cms
Vendor: CVE Published:; 24 May 2024

What is CVE-2024-5315?

The vulnerability in Dolibarr ERP - CRM, specifically in version 9.0.1, allows remote attackers to exploit SQL injection weaknesses. By crafting malicious SQL queries sent through the viewstatut parameter in /dolibarr/commande/list.php, attackers can potentially retrieve sensitive information from the underlying database. This emphasizes the need for robust input validation and security measures to protect the application and its data.

Affected Version(s)

ERP CMS 9.0.1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

EPSS Score

35% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2024
Vulnerability Reserved
May 24, 2024

Credit

Rafael Pedrero