Dolibarr ERP & CRM <=15.0.3 Eval Injection Vulnerability

CVE-2022-40871 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Dolibarr ERP & CRM <=15.0.3 is vulnerable to eval injection. By default, any administrator can be added via the Dolibarr installation page, and once an administrator has been successfully added, malicious code can be inserted into the database and then executed by eval.
