CVE-2024-40137: Dolibarr ERP CRM vulnerable to remote code execution (RCE)

July 24, 2024 (updated November 18, 2024)

Dolibarr ERP CRM before 19.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.

References

github.com/Dolibarr/dolibarr
github.com/advisories/GHSA-vprp-94p9-5jp8
github.com/c0d3x27/CVEs/tree/main/CVE-2024-40137
nvd.nist.gov/vuln/detail/CVE-2024-40137

Code Behaviors & Features

Detect and mitigate CVE-2024-40137 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →