CVE-2022-40871

CRITICAL9.8EPSS 51.6%

Dolibarr vulnerable to Eval Injection

發布日:2022/10/12修改日:2025/5/15

描述

Dolibarr ERP & CRM <=15.0.3 are vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

受影響套件(2)

Bitnami/dolibarrfrom 0, <= 15.0.3
Packagist/dolibarr/dolibarrfrom 0, <= 15.0.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-40871
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttps://github.com/youncyb/dolibarr-rce