Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Dolibarr Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2018-25357 - Vulnerability Database
Dolibarr

Dolibarr Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2018-25357

Critical
Reference: CVE-2018-25357
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-25357
Title: Dolibarr Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter then execute commands via the check.php endpoint using the cmd GET parameter.