Description

Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input.

Remediation

References

CVE-2024-29477

Related Vulnerabilities

Envoy Proxy Improper Handling of Highly Compressed Data (Data Amplification) Vulnerability (CVE-2022-29225)

Apache Tomcat Improper Access Control Vulnerability (CVE-2016-5388)

WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.0.9)

WordPress Plugin HTTP Headers Multiple Vulnerabilities (1.9.1)

Moodle CVE-2023-5543 Vulnerability (CVE-2023-5543)

Severity

High

Classification

CVE-2024-29477 CWE-94 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities