CVE-2024-29477

MEDIUM6.8EPSS 0.17%

Dolibarr ERP CRM Code Injection vulnerability during installation

發布日:2024/4/3修改日:2025/4/3

描述

Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.

受影響套件(2)

Bitnami/dolibarrfrom 0, < 19.0.1
Packagist/dolibarr/dolibarrfrom 0, <= 19.0.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.8	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-29477
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttp://dolibarr.com
WEBhttps://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-29477.md