Medium severity5.5NVD Advisory· Published Jul 24, 2024· Updated Apr 15, 2026

CVE-2024-40137

Description

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
dolibarr/dolibarrPackagist	< 19.0.2	19.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-vprp-94p9-5jp8ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-40137ghsaADVISORY
github.com/c0d3x27/CVEs/tree/main/CVE-2024-40137nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000