Lucene search

GitHub Advisory DatabaseGHSA-P73X-RPGM-3V56

HistoryApr 03, 2024 - 12:31 p.m.

Dolibarr ERP CRM Code Injection vulnerability during installation

2024-04-0312:31:06

CWE-94

GitHub Advisory Database

github.com

dolibarr

erp

crm

code injection

installation

vulnerability

sanitization

network access

arbitrary code

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.

Affected configurations

Vulners

Node

dolibarrdolibarrRange≤19.0.0

CPENameOperatorVersion
dolibarr/dolibarrle19.0.0

CPE	Name	Operator	Version
	dolibarr/dolibarr	le	19.0.0

References

github.com/advisories/GHSA-p73x-rpgm-3v56

github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-29477.md

nvd.nist.gov/vuln/detail/CVE-2024-29477