Dolibarr ERP CRM vulnerable to remote code execution (RCE)

Moderate severity • GitHub Reviewed • Published Jul 24, 2024 to the GitHub Advisory Database • Updated Aug 2, 2024

Package

dolibarr/dolibarr (Composer)

Affected versions

< 19.0.2

Patched versions

19.0.2

Description

Dolibarr ERP CRM before 19.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.

References

Published by the National Vulnerability Database Jul 24, 2024
Published to the GitHub Advisory Database Jul 24, 2024
Reviewed Jul 25, 2024
Last updated Aug 2, 2024

Severity

Moderate

EPSS score

0.043%
(10th percentile)

Weaknesses

CVE ID

CVE-2024-40137

GHSA ID

GHSA-vprp-94p9-5jp8

Source code
