CVE-2024-5315

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published May 24, 2024
CWE ID 89

Summary

CVE-2024-5315 is a newly disclosed vulnerability affecting Dolibarr ERP - CRM version 9.0.1. SQL injection flaws have been identified in this software, enabling remote attackers to execute malicious SQL queries. By manipulating the 'viewstatut' parameter in the '/dolibarr/commande/list.php' file, an adversary can gain unauthorized access to all stored data within the system's database. This issue poses a significant risk for organizations using the affected version of Dolibarr ERP - CRM and necessitates an immediate upgrade to a secure release.
