BIT-dolibarr-2022-40871

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/dolibarr/BIT-dolibarr-2022-40871.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-dolibarr-2022-40871
Aliases
Published
2025-04-03T14:06:02.191Z
Modified
2025-04-03T15:27:13.595549Z
Summary
[none]
Details

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

Database specific
{
    "severity": "Critical",
    "cpes": [
        "cpe:2.3:a:dolibarr:dolibarr_erp/crm:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / dolibarr

Package

Name
dolibarr
Purl
pkg:bitnami/dolibarr

Severity

  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
15.0.3