GHSA-7cm4-vmf2-8wf2

Source
https://github.com/advisories/GHSA-7cm4-vmf2-8wf2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-7cm4-vmf2-8wf2/GHSA-7cm4-vmf2-8wf2.json
Aliases
Published
2022-10-12T19:00:42Z
Modified
2023-11-08T04:10:25.920148Z
Details

Dolibarr ERP & CRM <=15.0.3 are vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

References

Affected packages

Packagist / dolibarr/dolibarr

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Last affected
15.0.3

Affected versions

3.*

3.6.0-beta
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.8.0-beta
3.8.0
3.8.1
3.8.2
3.8.3
3.8.4
3.9.0-rc
3.9.0-rc2
3.9.0
3.9.1
3.9.2
3.9.3
3.9.4

4.*

4.0.0-beta
4.0.0-rc
4.0.0-rc2
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6

5.*

5.0.0-beta
5.0.0-rc1
5.0.0-rc2
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7

6.*

6.0.0-beta
6.0.0-rc
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5

8.*

8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6

9.*

9.0.0
9.0.1
9.0.2
9.0.3
9.0.4

10.*

10.0.0
10.0.1
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7

11.*

11.0.0
11.0.1
11.0.2
11.0.3
11.0.4
11.0.5

12.*

12.0.0
12.0.1
12.0.2
12.0.3
12.0.4
12.0.5

13.*

13.0.0
13.0.1
13.0.2
13.0.3
13.0.4
13.0.5

14.*

14.0.0
14.0.1
14.0.2
14.0.3
14.0.4
14.0.5

15.*

15.0.0
15.0.1
15.0.2
15.0.3