Description

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

Remediation

References

CVE-2022-40871

Related Vulnerabilities

WordPress Plugin Shopp Arbitrary File Upload (1.4)

WordPress Plugin Customify-Intuitive Website Styling Cross-Site Request Forgery (2.10.4)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-15695)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35984)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-3631)

Severity

Critical

Classification

CVE-2022-40871 CWE-276 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities