Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wN3I4LTd3ODctOGc0Ns4AA9J9
Dolibarr arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
Permalink: https://github.com/advisories/GHSA-p7r8-7w87-8g46JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wN3I4LTd3ODctOGc0Ns4AA9J9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 4 months ago
Updated: 3 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-p7r8-7w87-8g46, CVE-2024-37821
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-37821
- https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-37821.md
- http://dolibarr.com
- https://github.com/advisories/GHSA-p7r8-7w87-8g46
Blast Radius: 6.8
Affected Packages
packagist:dolibarr/dolibarr
Dependent packages: 0Dependent repositories: 6
Downloads: 5,021 total
Affected Version Ranges: < 19.0.2
Fixed in: 19.0.2
All affected versions: 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 15.0.0, 15.0.1, 15.0.2, 15.0.3
All unaffected versions: