Base Score

MEDIUM5.5

CVE-2024-40137

Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.

VectorNETWORK

Published Bycve@mitre.org

Published DateJul 24, 2024, 19:15

Affected Versions(1)

dolibarr/dolibarr(Packagist)

Introduced0

Fixed19.0.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
dolibarr/dolibarr(Packagist)	0	19.0.2	N/A

Weakness Type (CWE):CWE-74

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

NONE

References

https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-40137

Base Score

MEDIUM5.5

Weakness Type (CWE):CWE-74

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

NONE