Platform: php
Component: dolibarr/dolibarr
Fixed in: 9.0.2
CVE-2024-5314 describes a critical SQL Injection vulnerability affecting Dolibarr ERP - CRM versions up to 9.0.1. This flaw allows a remote attacker to inject malicious SQL queries, potentially leading to unauthorized data access and manipulation. The vulnerability resides in the handling of sortorder and sortfield parameters within the /dolibarr/admin/dict.php file. A patch is available in version 9.0.2.
Successful exploitation of CVE-2024-5314 could grant an attacker complete control over the Dolibarr database. This includes the ability to extract sensitive customer data (names, addresses, financial information), employee records, vendor details, and potentially even system configuration information. The attacker could also modify or delete data, leading to data corruption and operational disruption. Given the ERP nature of Dolibarr, the blast radius extends to all business processes reliant on the system. While no direct precedent for this specific vulnerability exists, SQL injection vulnerabilities are consistently among the most exploited, and the potential for data exfiltration and system compromise is significant.
CVE-2024-5314 was publicly disclosed on 2024-05-24. Its CRITICAL CVSS score (9.1) indicates a high probability of exploitation. No known public proof-of-concept (PoC) code has been released at the time of writing, but the ease of SQL injection exploitation suggests that one may emerge quickly. It is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting Dolibarr instances.
Organizations utilizing Dolibarr ERP - CRM for managing their business processes, particularly those running versions 9.0.0 through 9.0.1, are at significant risk. Shared hosting environments where multiple Dolibarr instances reside on a single server are especially vulnerable, as a compromise of one instance could potentially lead to the compromise of others. Companies relying on Dolibarr for sensitive customer or financial data face the highest potential impact.
• php: Examine Dolibarr application logs for suspicious SQL queries containing unusual characters or patterns.
  grep -i 'SELECT .* FROM .* WHERE' /var/log/apache2/dolibarr_error.log
• generic web: Use curl to test the /dolibarr/admin/dict.php endpoint with a simple SQL injection payload (e.g., ' OR '1'='1).
  curl 'http://your-dolibarr-instance/dolibarr/admin/dict.php?sortorder=test'='1'
• generic web: Check access logs for requests to /dolibarr/admin/dict.php originating from unusual IP addresses or user agents.
EPSS: 0.21% (43rd percentile)
The primary mitigation for CVE-2024-5314 is to immediately upgrade Dolibarr ERP - CRM to version 9.0.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Input validation on the sortorder and sortfield parameters in /dolibarr/admin/dict.php can help prevent malicious input. Web Application Firewalls (WAFs) configured to detect and block SQL injection attempts targeting this specific endpoint can provide an additional layer of defense. Carefully review and restrict access to the /dolibarr/admin/dict.php file to authorized personnel only. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection payload via the affected parameters and verifying that it is properly sanitized.
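To make the input-validation workaround concrete, here is an added illustration (not Dolibarr's own code) of the weak pattern the advisory describes beside an allow-list version for the sortfield and sortorder parameters; the column names and the sample inputs are assumed and constructed for this example.

```php
<?php
// Added illustration, not code from dict.php: allow-list validation for the
// sortfield / sortorder request parameters named in the advisory.
// The column names and sample inputs below are assumed and constructed.

// Weak pattern: the raw parameters are concatenated into ORDER BY. This is
// the shape of flaw that lets a crafted parameter alter the query.
function build_order_by_unsafe(string $sortfield, string $sortorder): string
{
    return "ORDER BY " . $sortfield . " " . $sortorder;
}

// Hardened pattern: only a known column name and one of two fixed keywords
// may reach the SQL string; anything else is rejected, not "cleaned up".
function build_order_by_safe(string $sortfield, string $sortorder, array $allowedFields): string
{
    if (!in_array($sortfield, $allowedFields, true)) {
        throw new InvalidArgumentException("unknown sort field");
    }
    $order = strtoupper($sortorder);
    if ($order !== 'ASC' && $order !== 'DESC') {
        throw new InvalidArgumentException("invalid sort order");
    }
    return "ORDER BY `" . $sortfield . "` " . $order;
}

// Constructed inputs: one normal request and two that carry SQL syntax in
// the parameter value (the quote-based payload the advisory mentions).
$allowedFields = ['rowid', 'code', 'label', 'active'];
$inputs = [
    ['label', 'asc'],
    ["label' OR '1'='1", 'asc'],
    ['code', 'DESC; --'],
];

foreach ($inputs as [$field, $order]) {
    echo "unsafe: " . build_order_by_unsafe($field, $order) . "\n";
    try {
        echo "safe:   " . build_order_by_safe($field, $order, $allowedFields) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "safe:   rejected (" . $e->getMessage() . ")\n";
    }
}
```

The unsafe builder echoes whatever it is given into the query; the allow-list builder accepts only `label asc` and rejects the other two requests before any SQL is formed.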
Update Dolibarr ERP - CRM to a version later than 9.0.1 to fix the SQL injection vulnerability. Consult the official Dolibarr website for the latest version and upgrade instructions. Apply security updates as soon as they become available.
CVE-2024-5314 is a critical SQL Injection vulnerability in Dolibarr ERP - CRM versions up to 9.0.1, allowing attackers to inject malicious SQL queries and potentially access sensitive data.
You are affected if you are running Dolibarr ERP - CRM version 9.0.1 or earlier. Upgrade to version 9.0.2 or later to resolve the vulnerability.
The recommended fix is to upgrade Dolibarr ERP - CRM to version 9.0.2 or later. Temporary workarounds include input validation and WAF implementation.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.
Refer to the official Dolibarr security advisory for detailed information and updates: [https://www.dolibarr.org/](https://www.dolibarr.org/)