CVE-2024-37821 is an arbitrary file upload vulnerability identified in the Upload Template function of Dolibarr ERP CRM versions up to 19.0.1. The vulnerability arises because the application fails to properly validate or restrict the types of files uploaded through this function, allowing an attacker with at least limited privileges (PR:L) to upload maliciously crafted .SQL files. These files can contain arbitrary code that the system may execute, leading to remote code execution (RCE). The vulnerability is exploitable over the network (AV:N) without user interaction (UI:N), and the attack complexity is low (AC:L), meaning an attacker can reliably exploit it without specialized conditions. The vulnerability impacts confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing attackers to gain unauthorized access, modify or delete data, and disrupt services. The scope is unchanged (S:U), meaning the vulnerability affects the vulnerable component only. Although no public exploits have been reported yet, the nature of the vulnerability and the critical role of ERP systems in business operations make this a significant threat. The underlying weakness corresponds to CWE-94, which involves improper control of code injection leading to arbitrary code execution. Organizations using Dolibarr ERP CRM should consider this vulnerability critical and prioritize remediation.

The impact of CVE-2024-37821 on organizations worldwide is substantial due to the critical role ERP systems like Dolibarr play in managing business processes, financial data, and customer information. Successful exploitation can lead to full system compromise, allowing attackers to execute arbitrary code, steal sensitive data, manipulate business records, or disrupt operations. This can result in financial losses, reputational damage, regulatory penalties, and operational downtime. Since the vulnerability requires only limited privileges and no user interaction, insider threats or compromised accounts can be leveraged to escalate attacks rapidly. The availability of a network attack vector increases the risk of remote exploitation by external attackers. Organizations relying on Dolibarr ERP CRM without timely patches or mitigations are at risk of targeted attacks, especially those in sectors with high-value data or critical infrastructure dependencies.

To mitigate CVE-2024-37821, organizations should immediately apply any patches or updates released by Dolibarr addressing this vulnerability. In the absence of an official patch, administrators should disable or restrict access to the Upload Template function to trusted users only. Implement strict file upload validation controls to block unauthorized file types, especially .SQL files, and enforce whitelisting of allowed file extensions. Employ network segmentation and access controls to limit exposure of the ERP system to untrusted networks. Monitor logs for suspicious upload activity and anomalous behavior indicative of exploitation attempts. Use application-level firewalls or intrusion prevention systems to detect and block malicious payloads. Regularly audit user privileges to minimize the number of accounts with upload permissions. Additionally, maintain up-to-date backups and develop incident response plans to quickly recover from potential compromises.