Описание
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 18.0.1 (включая)
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.48668
Средний
7.5 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-20
CWE-74
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 2 лет назад
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
CVSS3: 7.5
debian
больше 2 лет назад
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to stri ...
CVSS3: 7.5
github
больше 2 лет назад
Dolibarr Improper Input Validation vulnerability
EPSS
Процентиль: 98%
0.48668
Средний
7.5 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-20
CWE-74