PT-2024-27767 · Unknown · Dolibarr Erp/Crm

Arthur Valverde M +1 · Published 2024-06-18 · Updated 2025-06-14 · CVE-2024-37821

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dolibarr ERP CRM versions up to 19.0.1

Description

The issue concerns an arbitrary file upload vulnerability in the Upload Template function. This vulnerability allows attackers to execute arbitrary code by uploading a crafted .SQL file.

Recommendations

For versions up to 19.0.1, consider disabling the Upload Template function until a patch is available to prevent exploitation. Restrict access to the Upload Template feature to minimize the risk of arbitrary code execution.

Exploit

Fix

Code Injection

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BIT-DOLIBARR-2024-37821
CVE-2024-37821
GHSA-P7R8-7W87-8G46

Affected Products

Dolibarr Erp/Crm