Description
Code injection in dolibarr/dolibarr
Improper sanitization of PHP functions leads to the ability to inject arbitrary PHP code and run arbitrary commands on the file system. In the function "dol_eval" in the file "dolibarr/htdocs/core/lib/functions.lib.php", dangerous PHP functions are sanitized using "str_replace", and this can be bypassed using the following code in the $s parameter
Packages
Name: dolibarr/dolibarr (composer)
Affected versions: < 15.0.1
Fixed version: 15.0.1
Related vulnerabilities
CVSS3: 8.8
ubuntu
almost 4 years ago
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.
CVSS3: 8.8
nvd
almost 4 years ago
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.
CVSS3: 8.8
debian
almost 4 years ago
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.