Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-5315SQL Injection in Dolibarr

CWE-89SQL Injection6 documents5 sources
Severity
9.1CRITICALNVD
EPSS
63.0%
top 1.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
DolibarrDolibarr ERP CMSDolibarr ERP CRM
Timeline
PublishedMay 24

Description

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in /dolibarr/commande/list.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

Packagistdolibarr/dolibarr9.0.1
CVEListV5dolibarr/erp_cms9.0.1

🔴Vulnerability Details

4
CVEList
Multiple vulnerabilities in DOLIBARR's ERP CMS2024-05-24
OSV
CVE-2024-5315: Vulnerabilities in Dolibarr ERP - CRM that affect version 92024-05-24
GHSA
Dolibarr vulnerable to SQL Injection2024-05-24
OSV
Dolibarr vulnerable to SQL Injection2024-05-24

💥Exploits & PoCs

1
Nuclei
Dolibarr ERP CMS `list.php` - SQL Injection
CVE-2024-5315 — SQL Injection in Dolibarr | cvebase