CVE-2024-29477
Published 2024-04-03
CVE-2024-29477: Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute…
Priority P351, high, 8.8 (CVSS 3.1)
AV:A / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.81% (52.4th percentile)
Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | 0 – 19.0.0 | — |
| dolibarr | dolibarr_erp_crm | < 19.0.1 | 19.0.1 |
CVSS provenance
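| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 8.8 | HIGH | — |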
OSV
Dolibarr ERP CRM Code Injection vulnerability during installation
osv·2024-04-03
CVE-2024-29477 [MEDIUM] Dolibarr ERP CRM Code Injection vulnerability during installation
OSV
CVE-2024-29477: Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19
osv·2024-04-03·CVSS 8.8
CVE-2024-29477 [HIGH] CVE-2024-29477: Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19
GHSA
Dolibarr ERP CRM Code Injection vulnerability during installation
ghsa·2024-04-03
CVE-2024-29477 [MEDIUM] CWE-94 Dolibarr ERP CRM Code Injection vulnerability during installation
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-04-03
Published