CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-25357

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile42.33th
Published2026年5月23日
Last Modified2026年5月27日

Vulnerability Description

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter.

Affected Platforms (CPE)

📦
Dolibarr

Dolibarr Erp\/crm

<= 7.0.3

References & Advisories

🔗 https://dolibarr.org
🔗 https://github.com/Dolibarr/dolibarr
🔗 https://www.exploit-db.com/exploits/44964
🔗 https://www.vulncheck.com/advisories/dolibarr-erp-crm-remote-code-evaluation-via-install-step1-php

相关漏洞威胁

CVE-2021-259559.0

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privile...

CVE-2019-257108.2

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows a...

CVE-2021-336186.1

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of...

CVE-2021-477795.4

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privile...