CVE-2022-40871

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

Published: Oct 12, 2022
Updated: Aug 9, 2023
CVE: CVE-2022-40871
GHSA: GHSA-7cm4-vmf2-8wf2
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94
CWE-276
CWE-95

Affected Software
References

Software	From	Fixed in
dolibarr / dolibarr_erp/crm	-	15.0.3.x
dolibarr / dolibarr	-	15.0.3.x

https://github.com/youncyb/dolibarr-rce

Vulnerability Database

289,784

CVE-2022-40871