Lucene search

CVE-2024-5315

🗓️ 24 May 2024 10:11:15Reported by INCIBEType

cve🔗 web.nvd.nist.gov👁 61 Views🌐 WEB

Vulnerabilities in Dolibarr ERP - CRM version 9.0.1 allow remote SQL injection via /dolibarr/commande/list.ph

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 11
github	Dolibarr vulnerable to SQL Injection	24 May 202414:53	–	github
cvelist	CVE-2024-5315 Multiple vulnerabilities in DOLIBARR's ERP CMS	24 May 202410:06	–	cvelist
osv	CVE-2024-5315	24 May 202410:15	–	osv
osv	GHSA-Q8X7-JC3H-P8XC Dolibarr vulnerable to SQL Injection	24 May 202414:53	–	osv
osv	UBUNTU-CVE-2024-5315	24 May 202410:15	–	osv
osv	BIT-DOLIBARR-2024-5315	3 Apr 202514:07	–	osv
veracode	SQL Injection	28 May 202406:30	–	veracode
vulnrichment	CVE-2024-5315 Multiple vulnerabilities in DOLIBARR's ERP CMS	24 May 202410:06	–	vulnrichment
nuclei	Dolibarr ERP CMS `list.php` - SQL Injection	25 Jul 202409:15	–	nuclei
ubuntucve	CVE-2024-5315	24 May 202400:00	–	ubuntucve

Nvd

Vulners

Vulnrichment

Node

dolibarr dolibarr_erp/crmMatch9.0.1

[
  {
    "defaultStatus": "unaffected",
    "product": "ERP CMS",
    "vendor": "Dolibarr",
    "versions": [
      {
        "status": "affected",
        "version": "9.0.1"
      }
    ]
  }
]

Source	Link
incibe	www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms

Parameter	Position	Path	Description	CWE
viewstatut	query param	/dolibarr/commande/list.php	SQL injection vulnerability allowing attackers to manipulate SQL queries through the viewstatut parameter.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 May 2024 10:15Current

9.6High risk

Vulners AI Score9.6

CVSS39.1

EPSS0.3346

SSVC

CWE-89