CVE-2022-40871

CRITICAL9.8EPSS 51.6%

Dolibarr vulnerable to Eval Injection

Published: 10/12/2022Modified: 4/3/2025

Also known as:GHSA-7cm4-vmf2-8wf2BIT-dolibarr-2022-40871

Description

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

Affected packages (2)

Bitnami/dolibarrfrom 0, <= 15.0.3
Packagist/dolibarr/dolibarrfrom 0, <= 15.0.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-40871
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttps://github.com/youncyb/dolibarr-rce