CVE-2024-29477: Dolibarr ERP CRM Code Injection vulnerability during installation

April 3, 2024 (updated March 31, 2025)

Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.

References

github.com/Dolibarr/dolibarr
github.com/advisories/GHSA-p73x-rpgm-3v56
github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-29477.md
nvd.nist.gov/vuln/detail/CVE-2024-29477

Code Behaviors & Features

Detect and mitigate CVE-2024-29477 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →