Dolibarr ERP/CRM is a web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the French Dolibarr Foundation. It can be used to manage products, inventory, invoices, orders, etc. An access control vulnerability exists in Dolibarr ERP/CRM 15.0.3 and prior versions. It stems from the Dolibarr installation page, which by default can be used to add any administrator. An attacker can exploit the vulnerability to add an administrator, insert malicious code into the database, and have that code executed via eval.
CPE

Name | Operator | Version |
---|---|---|
dolibarr dolibarr erp/crm | le | 15.0.3 |