Description
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
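The gap described above, shown as an added example that is not Dolibarr's code: a name-based denylist beside a check that lexes the page source with PHP's tokenizer. The helper names, the widened function list and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper names, not Dolibarr's code.

// Weak form: rejects only the three function names the description lists.
function naive_denylist_ok(string $src): bool
{
    return !preg_match('/\b(system|exec|shell_exec)\s*\(/i', $src);
}

// Stronger form: lex the source so the backtick operator is recognised as
// code (not as text inside a string or inline HTML), and widen the call list.
function token_check_findings(string $src): array
{
    $blocked = ['system', 'exec', 'shell_exec', 'passthru', 'popen', 'proc_open', 'pcntl_exec'];
    $findings = [];
    foreach (token_get_all($src) as $tok) {
        if ($tok === '`') {
            // The tokenizer emits the backtick operator as a one-character token.
            $findings[] = 'backtick (shell execution) operator';
        } elseif (is_array($tok)
            && in_array(token_name($tok[0]), ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true)
            && in_array(strtolower(ltrim($tok[1], '\\')), $blocked, true)) {
            $findings[] = 'call to ' . $tok[1] . ' on line ' . $tok[2];
        }
    }
    return array_values(array_unique($findings));
}

// Constructed sample page sources.
$samples = [
    'blocked name'     => '<?php system("hostname"); ?>',
    'backtick'         => '<?php echo `hostname`; ?>',
    'backtick in text' => '<p>Use `code` style</p><?php echo "a `b` c"; ?>',
];

foreach ($samples as $label => $src) {
    $found = token_check_findings($src);
    printf("%-17s naive=%s token=%s\n", $label,
        naive_denylist_ok($src) ? 'accept' : 'reject',
        $found ? 'reject: ' . implode('; ', $found) : 'accept');
}
```

Both forms are still denylists: variable function names and other indirect calls pass a token scan as well, so it serves as a detection aid rather than a security boundary.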
Remediation
References