Dolibarr Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2026-31018
In Dolibarr ERP & CRM < 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page creation.
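The flaw class described above, a content check enforced on some request parameters but not others, is shown here as an added illustration beside a consistent form. This is not Dolibarr code: the field names, the `$canEditPhp` flag and both function names are hypothetical, and the sample input is constructed.

```php
<?php
// Added illustration, not Dolibarr source. All names here are hypothetical.

/** True if the value contains a PHP opening tag ("<?php", "<?=" or short "<?"). */
function containsPhpOpenTag(string $value): bool
{
    // "<?xml" declarations are excluded so ordinary XML/SVG markup is not flagged.
    return preg_match('/<\?(?!xml\b)/i', $value) === 1;
}

/** Inconsistent enforcement: only the main content field is inspected. */
function rejectedFieldsInconsistent(array $input, bool $canEditPhp): array
{
    $rejected = [];
    if (!$canEditPhp && containsPhpOpenTag($input['content'] ?? '')) {
        $rejected[] = 'content';
    }
    return $rejected;
}

/** Consistent enforcement: every submitted string is inspected, nested arrays included. */
function rejectedFieldsConsistent(array $input, bool $canEditPhp): array
{
    if ($canEditPhp) {
        return []; // the user holds the PHP editing permission
    }
    $rejected = [];
    array_walk_recursive($input, function ($value, $key) use (&$rejected) {
        if (is_string($value) && containsPhpOpenTag($value)) {
            $rejected[] = (string) $key;
        }
    });
    return $rejected;
}

// Constructed page-creation request from a user limited to HTML/JavaScript editing.
$submitted = [
    'title'       => 'About us',
    'content'     => '<p>Hello</p>',
    'header_html' => '<?php echo 1;', // PHP placed in a field other than "content"
];

// The first check misses the secondary field; the second reports it.
var_dump(rejectedFieldsInconsistent($submitted, false));
var_dump(rejectedFieldsConsistent($submitted, false));
```

Running the permission check once over the whole submitted array, before any field is stored, means a newly added form parameter is covered without a separate per-field check.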