Bryam Vargas

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 Dolibarr ERP/CRM version 24.0.0-alpha **Description** A remote attacker can execute arbitrary code through the 'htdocs/core/actions addupdatedelete.inc.php' endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 Dolibarr ERP/CRM version 24.0.0-alpha **Description** A remote attacker can execute arbitrary code through the `call user func array()` function within the job type processing located in 'htdocs/cron/class/cronjob.class.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP/CRM versions 22.0.0 through 22.0.4 Dolibarr ERP/CRM version 24.0.0-alpha **Description** A remote attacker can execute arbitrary code through the file `htdocs/core/class/commonobject.class.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.