PT-2022-13446 · Dolibarr · Dolibarr

Published

2022-03-02

·

Updated

2025-04-03

·

CVE-2022-0819

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

dolibarr/dolibarr versions prior to 15.0.1
Description

CVE-2022-0819 is a code-injection flaw in the dolibarr/dolibarr GitHub repository. The function dol_eval() in dolibarr/htdocs/core/lib/functions.lib.php evaluates its $s argument as PHP with eval(), and before doing so it tries to neutralize dangerous calls by running str_replace over a fixed list of forbidden function names. A substring blocklist is not a parser: a string that avoids the exact blocked substrings but still produces the call at runtime passes the filter unchanged and is then evaluated, giving arbitrary PHP execution on the server and, through it, arbitrary command execution as the web server account. The CVSS vector (PR:L, UI:N) reflects that the attacker needs an authenticated account that can supply a value the application later passes to dol_eval() as $s, but no user interaction.
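The following is an added illustration, not code from Dolibarr or from the advisory. It models the weakness class named above, a str_replace blocklist applied to a string that is then handed to eval(), beside a token-based allowlist written for this example that rejects anything except a simple comparison expression. The blocklist, the variable names $conf and $user, the four inputs and the sample object are all constructed here; the harmless strtoupper stands in for the dangerous functions on the real list so the script is safe to run, and the exact string from the original report is not reproduced. The allowlist is an alternative design, not the change the project shipped in 15.0.1.

```php
<?php
// Added example (not Dolibarr's code): substring blocklist before eval() versus a
// token-based allowlist. Constructed blocklist; strtoupper stands in for exec/system.
const BLOCKED = ['strtoupper('];

// Vulnerable pattern: one str_replace pass, then eval() of whatever is left.
function filter_by_substring(string $s): string
{
    return str_replace(BLOCKED, '__forbiddenstring__', $s);
}

function eval_after_substring_filter(string $s)
{
    return eval(filter_by_substring($s));
}

// Hardened alternative: run PHP's own lexer over the input and accept only literals,
// comparison/boolean operators, grouping parentheses and property reads on an
// allowlisted set of variables. Calls, assignments, keywords and unknown variables
// are rejected before eval() ever sees the string.
function is_simple_expression(string $s): bool
{
    $allowedVars   = ['$conf', '$user'];   // assumption: the only variables the caller exposes
    $allowedTokens = [T_LNUMBER, T_DNUMBER, T_CONSTANT_ENCAPSED_STRING, T_OBJECT_OPERATOR,
        T_IS_EQUAL, T_IS_NOT_EQUAL, T_IS_IDENTICAL, T_IS_NOT_IDENTICAL,
        T_IS_SMALLER_OR_EQUAL, T_IS_GREATER_OR_EQUAL, T_BOOLEAN_AND, T_BOOLEAN_OR];
    $allowedChars  = ['(', ')', '<', '>', '!', '+', '-', '*', '/'];
    // A '(' directly after one of these turns the expression into a call:
    // name(...), $var(...), 'literal'(...) and (...)(...) are all valid PHP 7+.
    $callable = [T_VARIABLE, T_STRING, T_CONSTANT_ENCAPSED_STRING, ')'];

    $prev = null;  // previous significant token: an int token id or a one-char string
    foreach (token_get_all('<?php ' . $s) as $tok) {
        if (is_array($tok)) {
            [$id, $text] = $tok;
            if ($id === T_OPEN_TAG || $id === T_WHITESPACE) {
                continue;
            }
            $ok = in_array($id, $allowedTokens, true)
                || ($id === T_VARIABLE && in_array($text, $allowedVars, true))
                // bare names only as property names ($conf->global->X) or true/false/null
                || ($id === T_STRING && ($prev === T_OBJECT_OPERATOR
                    || in_array(strtolower($text), ['true', 'false', 'null'], true)));
            if (!$ok) {
                return false;
            }
            $prev = $id;
        } else {
            if (!in_array($tok, $allowedChars, true)) {
                return false;
            }
            if ($tok === '(' && in_array($prev, $callable, true)) {
                return false;   // would be a function, variable-function or literal call
            }
            $prev = $tok;
        }
    }
    return true;
}

function eval_simple_expression(string $s, object $conf, object $user)
{
    if (!is_simple_expression($s)) {
        throw new InvalidArgumentException('expression rejected before eval()');
    }
    return eval('return ' . $s . ';');   // $conf and $user are the only variables in scope
}

// --- demo on constructed input ---
$conf = new stdClass();
$conf->global = new stdClass();
$conf->global->MAIN_FEATURE = 1;
$user = new stdClass();

$inputs = [
    "return strtoupper('abc');",                    // literal match: the filter mangles it (ParseError)
    "return strtoupper ('abc');",                   // whitespace before '(': no substring match
    "\$f = 'strto' . 'upper'; return \$f('abc');",  // name assembled at runtime
    "return 'strtoupper'('abc');",                  // string literal used as callee (PHP 7+)
];
foreach ($inputs as $in) {
    try {
        $out = var_export(eval_after_substring_filter($in), true);
    } catch (Throwable $e) {
        $out = get_class($e);
    }
    printf("substring filter : %-46s => %s\n", $in, $out);
    printf("token allowlist  : %-46s => %s\n", $in, is_simple_expression($in) ? 'accepted' : 'rejected');
}
$legit = '$conf->global->MAIN_FEATURE == 1';
printf("token allowlist  : %-46s => %s\n", $legit, var_export(eval_simple_expression($legit, $conf, $user), true));
```

Run it with the php command-line binary. Only the first input is stopped by the substring filter, and only because the replacement leaves a syntax error behind; the other three never contain the blocked substring, reach eval() intact and return 'ABC', which is the "blocked" function executing. The token allowlist rejects all four and accepts the property comparison, which is the kind of input such an evaluator exists to serve. The design point is that a blocklist has to anticipate every spelling PHP accepts for a call, while an allowlist over lexer tokens only has to describe the small grammar that is legitimately needed.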
Recommendations

Update to Dolibarr 15.0.1 or later, which corrects the filtering in dol_eval(). Note that dol_eval() is an internal library function called by the application itself, so neither disabling it, hand-editing functions.lib.php, nor restricting filesystem access to that file is a workable mitigation: the web server must read and execute the file, and an attacker never requests it directly. Until the update is applied, reduce exposure by limiting which authenticated accounts (the vector requires PR:L) can enter values that the application later hands to dol_eval(), and treat unexpected PHP constructs in such stored values as a sign of attempted exploitation.

Exploit

Fix

Code Injection


Weakness Enumeration

Related Identifiers

BIT-DOLIBARR-2022-0819
CVE-2022-0819
GHSA-42QM-C3CF-9WV2

Affected Products

Dolibarr