Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
{ "cpes": [ "cpe:2.3:a:dolibarr:dolibarr_erp/crm:*:*:*:*:*:*:*:*" ], "severity": "High" }