CVE-2026-31019

Name of the Vulnerable Software and Affected Versions Dolibarr ERP & CRM versions prior to 22.0.5

Description In the Website module, the application employs blacklist-based filtering to restrict dangerous PHP functions associated with system command execution. An authenticated user with permissions to edit PHP content can bypass this filtering, leading to remote code execution and the ability to execute arbitrary operating system commands on the server.

Recommendations Update to a version newer than 22.0.4.