CVE-2022-40871: Code Injection
First published: Wed Oct 12 2022(Updated: )
Dolibarr ERP & CRM <=15.0.3 are vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dolibarr Dolibarr Erp\/crm | <=15.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-40871.
What is the severity of CVE-2022-40871?
The severity of CVE-2022-40871 is critical.
What is the affected software for CVE-2022-40871?
The affected software for CVE-2022-40871 is Dolibarr ERP & CRM version <=15.0.3.
How can an administrator be added to the installation page of Dolibarr?
By default, any administrator can be added to the installation page of Dolibarr.
What can an attacker do if they successfully add an administrator to Dolibarr?
If an attacker successfully adds an administrator to Dolibarr, they can insert malicious code into the database and execute it using 'eval'.
- collector/github-advisory-latest
- alias/GHSA-7cm4-vmf2-8wf2
- alias/CVE-2022-40871
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/composer
- vendor/dolibarr
- canonical/dolibarr dolibarr erp\/crm
- version/dolibarr dolibarr erp\/crm/15.0.3