Joao A. C. Buschinelli

3 exploits, active since Apr 2024
CVE-2024-29477 HIGH WRITEUP
Dolibarr ERP CRM <19.0.0 - Code Injection
Lack of sanitization during the installation process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.
CVSS 8.8
CVE-2024-31503 HIGH WRITEUP
Dolibarr ERP/CRM < 19.0.1 - Improper Access Control
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.
CVSS 7.5
CVE-2024-37821 HIGH WRITEUP
Dolibarr ERP/CRM < 19.0.2 - Code Injection
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
CVSS 8.8