BIT-dolibarr-2022-40871

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/dolibarr/BIT-dolibarr-2022-40871.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-dolibarr-2022-40871

Aliases

Published

2025-04-03T14:06:02.191Z

Modified

2025-04-03T15:27:13.595549Z

Summary

[none]

Details

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

Database specific

{
    "cpes": [
        "cpe:2.3:a:dolibarr:dolibarr_erp/crm:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}

References

Affected packages

Bitnami / dolibarr

Package

Name: dolibarr
Purl: pkg:bitnami/dolibarr

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

15.0.3