Chocologicall

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP CRM versions <= 18.0.1 **Description** The issue is related to improper input validation, which fails to strip certain PHP code from user-supplied input when creating a Website. This allows an attacker to inject and evaluate arbitrary PHP code. Approximately 13,472 devices are potentially affected, mainly distributed in France, the United States, and other countries. **Recommendations** For Dolibarr ERP CRM versions <= 18.0.1, update to a version higher than 18.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the Website creation feature to minimize the risk of exploitation. Avoid using user-supplied input in the creation of Websites until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP CRM versions <= 17.0.3 **Description** The issue allows an unauthorized authenticated user to read a database table containing customer data due to improper access control. **Recommendations** For versions <= 17.0.3, update to a version higher than 17.0.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenCart versions 4.0.0.0 through 4.0.2.2 **Description** The issue allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server. This is due to a Path Traversal vulnerability. **Recommendations** For OpenCart versions 4.0.0.0 through 4.0.2.2, consider disabling access to the Log component for users with modify privileges until a patch is available. Restrict access to sensitive files on the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.