CVE-2022-40871

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.
References
Link Resource
https://github.com/youncyb/dolibarr-rce Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-276 CWE-94

14 Oct 2022, 20:17

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-12 12:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-40871

Mitre link : CVE-2022-40871

CVE.ORG link : CVE-2022-40871


JSON object : View

Products Affected

dolibarr

  • dolibarr_erp\/crm
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')