CVE-2021-33816

Name of the Vulnerable Software and Affected Versions: Dolibarr version 13.0.2

Description: The website builder module in Dolibarr allows remote PHP code execution due to an incomplete protection mechanism. Specifically, while system, exec, and shell exec are blocked, backticks are not blocked, enabling this exploit.

Recommendations: For Dolibarr version 13.0.2, consider disabling the website builder module until a patch is available to prevent remote PHP code execution. Restrict access to the module to minimize the risk of exploitation. Avoid using backticks in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.