CVE-2024-37821

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to upload malicious .SQL files through the Upload Template function in Dolibarr ERP CRM, potentially leading to arbitrary code execution. It affects Dolibarr ERP CRM users up to version 19.0.1, putting their systems at risk of compromise.

💻 Affected Systems

Products:
  • Dolibarr ERP CRM
Versions: Up to v19.0.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with the Upload Template function enabled; no specific OS dependencies.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with remote code execution, data theft, and potential lateral movement within the network.

🟠

Likely Case

Unauthorized file upload leading to web shell deployment and limited server control.

🟢

If Mitigated

Attack blocked by file upload restrictions, with no impact on system integrity.

🌐 Internet-Facing: HIGH, as the vulnerability can be exploited remotely via the web interface.
🏢 Internal Only: MEDIUM, as it requires access to the Dolibarr instance but could be exploited by malicious insiders.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to access the Upload Template function; public proof-of-concept details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v19.0.2 or later

Vendor Advisory: http://dolibarr.com

Restart Required: No

Instructions:

1. Back up your Dolibarr installation and database.
2. Download the latest version from the official Dolibarr website.
3. Replace the existing files with the updated version, preserving custom configurations.
4. Verify the update by checking the version in the admin panel.

🔧 Temporary Workarounds

Disable Upload Template Function

Platform: all

Temporarily disable the vulnerable Upload Template feature to prevent exploitation.

Edit Dolibarr configuration to remove or restrict access to the upload template module.

Implement File Upload Restrictions

Platform: linux

Configure web server or application to block .SQL file uploads.

Add the following rule to .htaccess for Apache:

  <FilesMatch "\.sql$">
      Deny from all
  </FilesMatch>
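The same restriction written for Apache 2.4, as an added example rather than text from the advisory. "Deny from all" is Apache 2.2 (mod_access) syntax and is only accepted on 2.4 when mod_access_compat is loaded; without that module the directive is rejected and the .htaccess file fails to load. The (?i) flag also catches the upper-case .SQL extension named in the advisory, which the case-sensitive pattern above would miss.

```apache
# Added example: deny HTTP requests for any file whose name ends in .sql,
# case-insensitively, using the Apache 2.4 mod_authz_core directive.
<FilesMatch "(?i)\.sql$">
    Require all denied
</FilesMatch>
```

Note that a FilesMatch block governs how the web server answers requests for matching files; it does not reject the upload request itself, so keep it as defence in depth alongside the vendor patch rather than as a substitute for it.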

🧯 If You Can't Patch

  • Restrict network access to the Dolibarr instance using firewalls to limit exposure.
  • Implement strict authentication and monitoring for file upload activities.

🔍 How to Verify

Check if Vulnerable:

Check the Dolibarr version in the admin panel or via the system information page; if the version is 19.0.1 or earlier, the instance is vulnerable.

Check Version:

In Dolibarr, navigate to Home > Setup > System Information to view the version.

Verify Fix Applied:

After updating, confirm the version is 19.0.2 or later and test the Upload Template function with a safe file to ensure it rejects .SQL uploads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads, especially .SQL files, in web server logs or Dolibarr audit logs.

Network Indicators:

  • HTTP POST requests to upload endpoints with .SQL file extensions.

SIEM Query:

source="web_logs" AND (url="*upload*" OR method="POST") AND file_extension=".sql"
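For teams without a SIEM field named file_extension, the following added example (not part of the advisory) applies the same logic to raw Apache combined-format access log lines: it parses each line, takes the uploaded file name from a file= query parameter (falling back to the last path segment) and flags POST requests to an upload endpoint whose file name ends in .sql, case-insensitively. The sample log lines, the /admin/upload_template.php path and the file= parameter are constructed for the example and are not Dolibarr's real endpoint or format.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log lines (Apache combined format). The upload
# paths and the "file=" parameter are assumptions made for this example.
SAMPLE_LOGS = """\
10.0.0.5 - alice [01/Jul/2024:10:01:02 +0000] "POST /admin/upload_template.php?file=invoice.odt HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - bob [01/Jul/2024:10:03:45 +0000] "POST /admin/upload_template.php?file=backup.SQL HTTP/1.1" 200 498 "-" "curl/8.0"
10.0.0.9 - bob [01/Jul/2024:10:04:10 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "curl/8.0"
10.0.0.7 - carol [01/Jul/2024:10:05:00 +0000] "POST /upload.php?file=notes.sql.txt HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Fields of the combined log format that the detection needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict of log fields, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def uploaded_extension(url):
    """Extension of the uploaded file name, lower-cased; '' if there is none.

    The name is taken from a file= query parameter when present, otherwise
    from the last path segment of the request URL.
    """
    parts = urlsplit(url)
    name = parse_qs(parts.query).get("file", [""])[0] or parts.path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def is_sql_upload(rec):
    """Mirror of the SIEM query: POST to an upload endpoint carrying a .sql file."""
    return (
        rec["method"] == "POST"
        and "upload" in rec["url"].lower()
        and uploaded_extension(rec["url"]) == "sql"
    )


def find_sql_uploads(log_text):
    """Return (client_ip, user, url) for every line that matches the detection."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_sql_upload(rec):
            hits.append((rec["ip"], rec["user"], rec["url"]))
    return hits


if __name__ == "__main__":
    for ip, user, url in find_sql_uploads(SAMPLE_LOGS):
        print(f"suspicious .sql upload from {ip} as {user}: {url}")
```

Only the second sample line is reported: the .odt upload, the GET request and the notes.sql.txt name (whose final extension is .txt) all fall outside the rule. Extend the "upload" substring check with your own instance's real upload paths, and consider restricting the match to 2xx responses if you only want uploads the application accepted.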

🔗 References
