Lucene search

GitHub Advisory DatabaseGHSA-C3H9-Q3JX-W7FC

HistoryMay 24, 2024 - 2:53 p.m.

Dolibarr vulnerable to SQL Injection

2024-05-2414:53:33

CWE-89

GitHub Advisory Database

github.com

dolibarr

erp

crm

sql injection

vulnerabilities

remote attacker

database retrieval

parameters

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in /dolibarr/admin/dict.php.

Affected configurations

Vulners

Node

dolibarrdolibarrRange≤9.0.1

CPENameOperatorVersion
dolibarr/dolibarrle9.0.1

CPE	Name	Operator	Version
	dolibarr/dolibarr	le	9.0.1

References

github.com/advisories/GHSA-c3h9-q3jx-w7fc

nvd.nist.gov/vuln/detail/CVE-2024-5314

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for GHSA-C3H9-Q3JX-W7FC