CVE-2024-5315

CRITICAL9.1EPSS 57.2%

Multiple vulnerabilities in DOLIBARR's ERP CMS

Published: 5/24/2024Modified: 5/20/2025

Also known as:GHSA-q8x7-jc3h-p8xcBIT-dolibarr-2024-5315

Description

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in /dolibarr/commande/list.php.

Affected packages (2)

Bitnami/dolibarr>= 9.0.1, < 18.0.5
Packagist/dolibarr/dolibarrfrom 0, <= 9.0.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-5315
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttps://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms