Dolibarr/dolibarr is vulnerable to command injection. A lack of validation in the $command
parameter allows a remote attacker to submit characters that can be used to bypass escapeshellarg
and inject arbitrary commands into the affected parameter.
CPE | Name | Operator | Version |
---|---|---|---|
dolibarr/dolibarr | le | 9.0.2 |