Joao A. C. Buschinelli - Security Researcher - Exploit Intelligence Platform

CVE-2024-29477 WRITEUP HIGH WRITEUP

Dolibarr ERP CRM <19.0.0 - Code Injection

Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.

CVSS 8.8

View Code

CVE-2024-31503 WRITEUP HIGH WRITEUP

Dolibarr ERP CRM < 19.0.1 - Authenticated Session Cookie and CSRF Token Theft via Crafted Web Page

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.

CVSS 7.5

View Code

CVE-2024-37821 WRITEUP HIGH WRITEUP

Dolibarr ERP CRM < 19.0.2 - Arbitrary File Upload and Remote Code Execution via Upload Template Function

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.

CVSS 8.8

View Code