China National Vulnerability Database (CNVD): CNVD-2023-11248
Oct 14, 2022 - 12:00 a.m.

Dolibarr ERP/CRM Access Control Error Vulnerability

2022-10-14 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
dolibarr erp/crm
access control
vulnerability
web-based
french dolibarr foundation
administrator
malicious code
database
exploit

EPSS: 0.003 (Low)
Percentile: 68.8%

Dolibarr ERP/CRM is a web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the French Dolibarr Foundation. The system can be used to manage products, inventory, invoices, orders, etc. An access control error vulnerability exists in Dolibarr ERP/CRM 15.0.3 and prior versions. It stems from the fact that the Dolibarr installation page allows any administrator to be added by default. An attacker can exploit the vulnerability to add an administrator, insert malicious code into the database, and execute it via eval.

CPE | Name | Operator | Version
dolibarr | dolibarr erp/crm | le | 15.0.3
