Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Dolibarr Incorrect Default Permissions Vulnerability - CVE-2022-40871 - Vulnerability Database
Dolibarr

Dolibarr Incorrect Default Permissions Vulnerability - CVE-2022-40871

Critical
Reference: CVE-2022-40871
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-40871
Title: Dolibarr Incorrect Default Permissions Vulnerability
Overview:

Dolibarr ERP amp CRM lt15.0.3 is vulnerable to Eval injection. By default any administrator can be added to the installation page of dolibarr and if successfully added malicious code can be inserted into the database and then execute it by eval.