Fluid Attacks Database

Description

Dolibarr ERP CRM Code Injection vulnerability during installation Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
packagist	dolibarr/dolibarr	>=0 <=19.0.0

Aliases

1. CVE-2024-294772. NVD-2024-294773. OSV-2024-294774. GCVE-2024-29477

References

1. https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-29477.md2. http://dolibarr.com