Dolibarr Incorrect Default Permissions Vulnerability (CVE-2022-40871)

Description

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

Remediation

References

CVE-2022-40871

Related Vulnerabilities

Oracle HTTP Server Inadequate Encryption Strength Vulnerability (CVE-2013-2566)

PHP Other Vulnerability (CVE-2015-6837)

phpMyAdmin Other Vulnerability (CVE-2005-0653)

WordPress Plugin BCS BatchLine Book Importer Security Bypass (1.5.7)

WordPress Plugin Task Manager Pro Multiple Vulnerabilities (1.3.1)

Severity

Critical

Classification

CVE-2022-40871 CWE-276 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H