Dolibarr Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2021-33816 - Vulnerability Database

Dolibarr

Dolibarr Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2021-33816

Critical

Reference: CVE-2021-33816

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-33816

Title: Dolibarr Improper Control of Generation of Code (Code Injection) Vulnerability

Overview:

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system exec and shell_exec are blocked but backticks are not blocked.