CVE-2024-31503

7.5 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers in Dolibarr ERP CRM to steal session cookies and CSRF tokens from other users through crafted web pages. This can lead to complete account takeover of victim users. All users of Dolibarr versions 19.0.0 and earlier are affected.

💻 Affected Systems

Products:
  • Dolibarr ERP CRM
Versions: 19.0.0 and earlier
Operating Systems: All platforms running Dolibarr
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated attacker and user interaction with crafted page.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover of any user, including administrators, leading to data theft, privilege escalation, and system compromise.

🟠 Likely Case

Attackers steal session cookies to impersonate users, accessing sensitive business data and performing unauthorized actions.

🟢 If Mitigated

With proper session management and CSRF protections, impact is limited to temporary session hijacking without persistent access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated attacker and social engineering to trick users into visiting malicious page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 19.0.1 or later

Vendor Advisory: https://github.com/Dolibarr/dolibarr/security/advisories

Restart Required: No

Instructions:

1. Back up your Dolibarr installation and database.
2. Download the latest version from the official repository.
3. Replace the files with the patched version.
4. Clear browser caches and sessions.

🔧 Temporary Workarounds

Session hardening (applies to: all)

Implement strict session management and cookie security headers:

  • Set session.cookie_httponly=1 in php.ini
  • Set session.cookie_secure=1 if using HTTPS

CSRF token validation (applies to: all)

Enforce CSRF token validation on all state-changing requests.

🧯 If You Can't Patch

  • Implement web application firewall rules to detect and block session cookie theft attempts
  • Monitor for unusual session activity and implement session timeouts

🔍 How to Verify

Check if Vulnerable:

Check the Dolibarr version in the admin panel or by examining the version.php file.

Check Version:

grep '\$version' htdocs/includes/version.php

Verify Fix Applied:

Verify version is 19.0.1 or later and test CSRF protection functionality

📡 Detection & Monitoring

Log Indicators:

  • Multiple session creations from same IP
  • Session ID reuse across different user agents
  • CSRF token validation failures

Network Indicators:

  • Unusual redirects to external domains
  • Suspicious JavaScript injection attempts

SIEM Query:

source="dolibarr.log" AND ("session hijack" OR "CSRF token" OR "cookie theft")
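A minimal detector for two of the log indicators above (a session ID seen with more than one User-Agent, and many new sessions started from one IP), added here as an example and not taken from the page or from Dolibarr itself. The log line format and the sample lines are constructed for illustration, since Dolibarr's actual log layout is not shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample lines in a generic access-log-like layout (not Dolibarr's
# real log format): timestamp, client IP, session id, user agent, method, path.
SAMPLE_LOG = """\
2024-04-10T09:00:01 10.0.0.5 sid=a1b2c3 ua="Mozilla/5.0 (Windows NT 10.0)" GET /index.php
2024-04-10T09:00:07 10.0.0.5 sid=a1b2c3 ua="Mozilla/5.0 (Windows NT 10.0)" GET /comm/card.php
2024-04-10T09:01:30 203.0.113.9 sid=a1b2c3 ua="curl/8.5.0" GET /user/card.php
2024-04-10T09:02:00 198.51.100.7 sid=d4e5f6 ua="Mozilla/5.0 (X11; Linux)" GET /index.php
2024-04-10T09:02:05 198.51.100.7 sid=g7h8i9 ua="Mozilla/5.0 (X11; Linux)" GET /index.php
2024-04-10T09:02:09 198.51.100.7 sid=j0k1l2 ua="Mozilla/5.0 (X11; Linux)" GET /index.php
"""

LINE_RE = re.compile(r'^(\S+) (\S+) sid=(\S+) ua="([^"]*)" (\S+) (\S+)$')

def parse(log_text):
    """Parse the constructed log layout into a list of event dicts; lines that
    do not match are skipped rather than aborting the whole run."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, sid, ua, method, path = m.groups()
            events.append({"ts": ts, "ip": ip, "sid": sid, "ua": ua, "path": path})
    return events

def sessions_with_multiple_user_agents(events):
    """Session IDs observed with more than one distinct User-Agent: a stolen
    cookie replayed from the attacker's own client typically shows up this way."""
    uas = defaultdict(set)
    for e in events:
        uas[e["sid"]].add(e["ua"])
    return {sid: sorted(v) for sid, v in uas.items() if len(v) > 1}

def ips_with_many_sessions(events, threshold=3):
    """Client IPs that started at least `threshold` distinct sessions, the
    'multiple session creations from same IP' indicator."""
    sids = defaultdict(set)
    for e in events:
        sids[e["ip"]].add(e["sid"])
    return {ip: len(v) for ip, v in sids.items() if len(v) >= threshold}

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("sessions seen from several user agents:", sessions_with_multiple_user_agents(evs))
    print("IPs creating many sessions:", ips_with_many_sessions(evs))
```

Both findings are heuristics that need a second look against the user's normal client and the Dolibarr access pattern, not automatic evidence of compromise.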
