Home > Vulnerability Database > CVE-2022-40871

Mend.io Vulnerability Database

CVE-2022-40871

Date: October 11, 2022

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

Language: PHP

Severity Score

9.8

Related Resources (4)

Url: https://github.com/youncyb/dolibarr-rce

Url: https://github.com/Dolibarr/dolibarr

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-40871

Url: https://www.mend.io/vulnerability-database/CVE-2022-40871

Severity Score

9.8

Weakness Type (CWE)

Code Injection

CWE-94

Incorrect Default Permissions

CWE-276

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CWE-95

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-40871

Date: October 11, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?