CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-33816

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1190%
EPSS Percentile2.72th
Published2021年11月10日
Last Modified2024年11月21日

Vulnerability Description

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.

Affected Platforms (CPE)

📦
Dolibarr

Dolibarr Erp\/crm

= 13.0.2

References & Advisories

🔗 http://seclists.org/fulldisclosure/2021/Nov/39
🔗 https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt
🔗 https://trovent.io/security-advisory-2106-01
🔗 http://seclists.org/fulldisclosure/2021/Nov/39
🔗 https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt
🔗 https://trovent.io/security-advisory-2106-01

相關漏洞威脅

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2021-259559.0

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privile...

CVE-2019-257108.2

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows a...

CVE-2021-336186.1

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of...