PT-2022-25596 · Unknown · Dolibarr Erp/Crm
Published: 2022-10-12 · Updated: 2025-04-03
CVE-2022-40871
CVSS v3.1: 9.8 (Critical)
CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dolibarr ERP & CRM versions <=15.0.3
Description
The vulnerability allows malicious code to be stored in the database and later executed through eval. By default, the Dolibarr installation page remains reachable and an administrator account can be added through it; once such an account has been created, it can be used to inject code that reaches eval.
Recommendations
For versions <=15.0.3, update to a version later than 15.0.3 to resolve the issue. As a temporary workaround, restrict access to the Dolibarr installation page to reduce the risk of exploitation.
Weakness types: Code Injection · Eval Injection
Related Identifiers
Affected Products
Dolibarr Erp/Crm