CVE-2024-5314

CRITICAL9.1EPSS 0.11%

Multiple vulnerabilities in DOLIBARR's ERP CMS

Published: 5/24/2024Modified: 5/20/2025

Also known as:GHSA-c3h9-q3jx-w7fcBIT-dolibarr-2024-5314

Description

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in /dolibarr/admin/dict.php.

Affected packages (2)

Bitnami/dolibarr>= 9.0.1, < 18.0.5
Packagist/dolibarr/dolibarrfrom 0, <= 9.0.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-5314
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttps://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms