CVE-2024-29477

MEDIUM6.8EPSS 0.17%

Dolibarr ERP CRM Code Injection vulnerability during installation

Published: 4/3/2024Modified: 4/3/2025

Also known as:GHSA-p73x-rpgm-3v56BIT-dolibarr-2024-29477

Description

Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.

Affected packages (2)

Bitnami/dolibarrfrom 0, < 19.0.1
Packagist/dolibarr/dolibarrfrom 0, <= 19.0.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.8	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-29477
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttp://dolibarr.com
WEBhttps://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-29477.md