プラットフォーム
php
コンポーネント
dolibarr/dolibarr
修正版
9.0.2
9.0.2
CVE-2024-5315 represents a critical SQL injection vulnerability discovered in Dolibarr ERP - CRM. This flaw allows a remote attacker to craft malicious SQL queries, potentially leading to unauthorized data access and manipulation. The vulnerability affects versions of Dolibarr ERP - CRM up to and including 9.0.1. A patch is available in version 9.0.2.
The impact of CVE-2024-5315 is severe. Successful exploitation allows an attacker to inject arbitrary SQL code into database queries through the /dolibarr/commande/list.php endpoint. This can lead to complete compromise of the database, including sensitive customer data, financial records, and system configurations. An attacker could potentially extract, modify, or delete data, leading to significant business disruption and reputational damage. The ability to execute arbitrary SQL also opens the door to privilege escalation and potentially gaining control of the underlying server. This vulnerability shares characteristics with other SQL injection attacks, where attackers leverage database vulnerabilities to gain unauthorized access.
CVE-2024-5315 was publicly disclosed on 2024-05-24. The vulnerability is considered critical due to the potential for complete data compromise. No public proof-of-concept exploits have been widely reported as of this writing, but the ease of SQL injection exploitation suggests that it is likely to become a target. The EPSS score is likely to be medium to high, given the severity and relatively straightforward nature of the vulnerability. Check CISA and NVD for updates on exploitation activity.
Organizations utilizing Dolibarr ERP - CRM, particularly those with sensitive customer data or financial information, are at significant risk. Shared hosting environments where multiple users share the same Dolibarr instance are especially vulnerable, as a compromise of one user's account could potentially lead to access to data belonging to other users. Legacy configurations with outdated security practices are also at higher risk.
• php: Examine Dolibarr logs for unusual SQL queries or error messages related to database access. Look for patterns indicative of SQL injection attempts.
grep -i "sql injection" /var/log/dolibarr/error.log• generic web: Use curl to test the /dolibarr/commande/list.php endpoint with various SQL injection payloads to identify potential vulnerabilities.
curl -X POST -d "param='; DROP TABLE users;--" /dolibarr/commande/list.php• generic web: Review access logs for requests to /dolibarr/commande/list.php originating from unusual IP addresses or user agents.
disclosure
エクスプロイト状況
EPSS
63.03% (98% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2024-5315 is to immediately upgrade Dolibarr ERP - CRM to version 9.0.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Input validation and sanitization on the /dolibarr/commande/list.php endpoint can help reduce the attack surface, although this is not a substitute for patching. Web application firewalls (WAFs) configured with rules to detect and block SQL injection attempts can provide an additional layer of defense. Monitor Dolibarr logs for suspicious SQL queries and unusual database activity. After upgrading, verify the fix by attempting a SQL injection attack on the /dolibarr/commande/list.php endpoint and confirming that the attack is blocked.
Actualice Dolibarr ERP CMS a una versión posterior a la 9.0.1 que corrija la vulnerabilidad de inyección SQL. Consulte el sitio web oficial de Dolibarr para obtener la última versión y las instrucciones de actualización. Aplique las actualizaciones de seguridad tan pronto como estén disponibles.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2024-5315 is a critical SQL Injection vulnerability in Dolibarr ERP - CRM versions up to 9.0.1, allowing attackers to inject malicious SQL queries and potentially access sensitive data.
You are affected if you are running Dolibarr ERP - CRM version 9.0.1 or earlier. Upgrade to version 9.0.2 or later to mitigate the risk.
The recommended fix is to upgrade Dolibarr ERP - CRM to version 9.0.2 or later. Temporary workarounds include input validation and WAF rules.
While no widespread exploitation has been confirmed, the ease of SQL injection exploitation suggests it is likely to become a target. Monitor your systems for suspicious activity.
Refer to the official Dolibarr security advisory for detailed information and updates: [https://www.dolibarr.org/security/](https://www.dolibarr.org/security/)