CVE-2024-37821: Dolibarr arbitrary file upload vulnerability

June 18, 2024

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.

References

github.com/Dolibarr/dolibarr
github.com/advisories/GHSA-p7r8-7w87-8g46
github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-37821.md
nvd.nist.gov/vuln/detail/CVE-2024-37821

Code Behaviors & Features

Detect and mitigate CVE-2024-37821 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →