GHSA-p7r8-7w87-8g46

Опубликовано: 18 июн. 2024

Источник: github

Github: Прошло ревью

CVSS4: 8.7

CVSS3: 8.8

Описание

Dolibarr arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.

Ссылки

Пакеты

Наименование

dolibarr/dolibarr

composer

Затронутые версииВерсия исправления

< 19.0.2

19.0.2

EPSS

Процентиль: 46%

0.00234

Низкий

8.7 High

CVSS4

8.8 High

CVSS3

CVE ID

CVE-2024-37821

Дефекты

CWE-434

CWE-94

Связанные уязвимости

CVE-2024-37821

CVSS3: 8.8

ubuntu

больше 1 года назад

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.

CVE-2024-37821

CVSS3: 8.8

nvd

больше 1 года назад

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.

CVE-2024-37821

CVSS3: 8.8

debian

больше 1 года назад

An arbitrary file upload vulnerability in the Upload Template function ...

EPSS

Процентиль: 46%

0.00234

Низкий

8.7 High

CVSS4

8.8 High

CVSS3

CVE ID

CVE-2024-37821

Дефекты

CWE-434

CWE-94