Public Security Advisory: CVE-2024-29477

CVSS Score

Base Score: 8.4 (High)
Vector: CVSS:3.1/AV:A/PR:H/S:C/I:H/AC:L/UI:N/C:H/A:H

Affected Product

The issue was found on Dolibarr ERP/CRM

Affected Versions

Dolibarr ERP/CRM up to 19.0.0
Fixed in version 19.0.1

CVE ID

CVE-2024-29477

Description

A security vulnerability has been identified in Dolibarr ERP/CRM, affecting versions up to 19.0.0. This vulnerability allows an attacker to inject arbitrary code into the application due to insufficient sanitization of input during the Dolibarr ERP/CRM installation process.

Impact

An attacker could exploit this vulnerability to execute arbitrary code on the target system, potentially leading to a partial or full compromise of the system.

Vulnerability Type

CWE-94: Improper Control of Generation of Code ('Code Injection')

Researcher

Joao A. C. Buschinelli

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2024-29477.md

CVE-2024-29477.md

Public Security Advisory: CVE-2024-29477

CVSS Score

Affected Product

Affected Versions

CVE ID

Description

Impact

Vulnerability Type

Researcher

Files

CVE-2024-29477.md

Latest commit

History

CVE-2024-29477.md

File metadata and controls

Public Security Advisory: CVE-2024-29477

CVSS Score

Affected Product

Affected Versions

CVE ID

Description

Impact

Vulnerability Type

Researcher