Critical severityNVD Advisory· Published May 24, 2024· Updated Aug 1, 2024
Multiple vulnerabilities in DOLIBARR's ERP CMS
CVE-2024-5314
Description
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in /dolibarr/admin/dict.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dolibarr/dolibarrPackagist | <= 9.0.1 | — |
Affected products
3- osv-coords2 versions
>= 9.0.1, < 18.0.5+ 1 more
- (no CPE)range: >= 9.0.1, < 18.0.5
- (no CPE)range: <= 9.0.1
- Dolibarr/ERP CMSv5Range: 9.0.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.