CVE-2024-5315

CRITICAL NUCLEI

Dolibarr ERP - CRM <9.0.1 - SQL Injection

Title source: llm

Description

Dolibarr ERP - CRM version 9.0.1 is affected by SQL injection vulnerabilities. A remote attacker could send a specially crafted SQL query to the system and retrieve all the information stored in the database through the viewstatut parameter in /dolibarr/commande/list.php.

Nuclei Templates (1)

Dolibarr ERP CMS `list.php` - SQL Injection
CRITICAL VERIFIED by rootxharsh, iamnoooob, pdresearch
Shodan: http.title:"Dolibarr"

Scores

CVSS v3 9.1
EPSS 0.6303
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-89
Status published
Products (2)
dolibarr/dolibarr 0 Packagist
dolibarr/dolibarr_erp\/crm 9.0.1
Published May 24, 2024
Tracked Since Feb 18, 2026