Vulnerability Monitor

CVE-2022-40871


Dolibarr ERP & CRM <=15.0.3 is vulnerable to eval injection. By default, any administrator can be added to the installation page of Dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval.


Published

2022-10-12T12:15:09.657

Last Modified

2025-05-15T15:16:03.143

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Primary
    CWE-94
  • Type: Secondary
    CWE-94

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Application | dolibarr | dolibarr_erp/crm | ≤ 15.0.3 | Yes

References