Improper PHP function sanitization leads to the ability to inject arbitrary PHP code and run arbitrary commands on the file system. In the function “dol_eval” in the file “dolibarr/htdocs/core/lib/functions.lib.php”, dangerous PHP functions are sanitized using “str_replace”, which can be bypassed using the following code in the $s parameter
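As an added, defender-side example (this is not Dolibarr's code and not the fix the project shipped): rather than rewriting the expression with str_replace to strip dangerous function names, tokenize it with PHP's token_get_all and refuse the whole string unless every call targets an explicitly allowlisted function. The allowlist, the helper names and the sample expressions are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Dolibarr's code. Instead of removing dangerous names from
// an expression with str_replace() before eval(), inspect the PHP tokens and
// refuse the expression unless every call targets an allowlisted function.
// The allowlist and sample inputs below are assumptions for illustration.

/** Token types refused outright: they run or load code that cannot be checked statically. */
function forbidden_token_types(): array
{
    $names = ['T_EVAL', 'T_INCLUDE', 'T_INCLUDE_ONCE', 'T_REQUIRE', 'T_REQUIRE_ONCE',
              'T_NEW', 'T_FUNCTION', 'T_FN', 'T_CLASS', 'T_CLOSE_TAG', 'T_INLINE_HTML'];
    $ids = [];
    foreach ($names as $n) {
        if (defined($n)) {          // T_FN only exists on PHP >= 7.4
            $ids[] = constant($n);
        }
    }
    return $ids;
}

/** True for tokens that carry a (possibly namespaced) identifier. */
function is_name_token(array $tok): bool
{
    $nameTypes = [T_STRING];
    foreach (['T_NAME_QUALIFIED', 'T_NAME_FULLY_QUALIFIED', 'T_NAME_RELATIVE'] as $n) {
        if (defined($n)) {          // PHP 8 tokenizes "\exec" as one name token
            $nameTypes[] = constant($n);
        }
    }
    return in_array($tok[0], $nameTypes, true);
}

/** Index of the next token after $i that is not whitespace or a comment, or null. */
function next_significant(array $tokens, int $i): ?int
{
    for ($j = $i + 1, $n = count($tokens); $j < $n; $j++) {
        $t = $tokens[$j];
        if (is_array($t) && in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            continue;
        }
        return $j;
    }
    return null;
}

/** Accept $expr only if every call it contains targets a function in $allowedFunctions. */
function expression_is_safe(string $expr, array $allowedFunctions): bool
{
    $allowed   = array_map('strtolower', $allowedFunctions);
    $forbidden = forbidden_token_types();
    $tokens    = token_get_all('<?php ' . $expr);

    foreach ($tokens as $i => $tok) {
        $next        = next_significant($tokens, $i);
        $callFollows = ($next !== null && $tokens[$next] === '(');

        if (!is_array($tok)) {
            // Backtick syntax runs a shell command without naming any function.
            if ($tok === '`') {
                return false;
            }
            // "(expr)(...)", "$a[0](...)" and "${...}(...)" call a runtime-computed callee.
            if ($callFollows && in_array($tok, [')', ']', '}'], true)) {
                return false;
            }
            continue;
        }
        if (in_array($tok[0], $forbidden, true)) {
            return false;
        }
        if (!$callFollows) {
            continue;
        }
        if (is_name_token($tok)) {
            // Static callee: compare the unqualified, lower-cased name with the allowlist,
            // so "EXEC(" and "\exec(" are judged the same as "exec(".
            $name = strtolower($tok[1]);
            $pos  = strrpos($name, '\\');
            if ($pos !== false) {
                $name = substr($name, $pos + 1);
            }
            if (!in_array($name, $allowed, true)) {
                return false;
            }
        } elseif ($tok[0] === T_VARIABLE || $tok[0] === T_CONSTANT_ENCAPSED_STRING) {
            // "$f(...)" or "'name'(...)": the callee is only known at run time.
            return false;
        }
    }
    return true;
}

// Constructed sample expressions; the allowlist is an assumption.
$allow   = ['strlen', 'abs', 'round', 'max', 'min'];
$samples = [
    "strlen('abc') + max(1, 2)",   // only allowlisted calls: accepted
    "1 + 2 * 3",                   // no calls at all: accepted
    "exec('id')",                  // function outside the allowlist: refused
    "EXEC('id')",                  // case changes do not help: refused
    "\$f('id')",                   // dynamic callee: refused
    "`id`",                        // backtick shell syntax: refused
];
foreach ($samples as $s) {
    printf("%-30s %s\n", $s, expression_is_safe($s, $allow) ? 'accepted' : 'refused');
}
```

The design choice is to reject rather than rewrite: a filter that edits the input and then evaluates the result has to reason about what the edited string means, whereas a filter that only answers "allowed or not" on the parsed tokens never produces a new string for the evaluator to interpret.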
CPE

| Name | Operator | Version |
|---|---|---|
| dolibarr/dolibarr | lt | 15.0.1 |