CVE-2022-40871
Dolibarr vulnerable to Eval Injection
9.8
CRITICAL
CVSS 3.1
EPSS 51.6%
Description
Dolibarr ERP & CRM versions <= 15.0.3 are vulnerable to eval injection. By default, any administrator can be added through the installation page of Dolibarr, and once added, malicious code can be inserted into the database and then executed via eval.
How to fix CVE-2022-40871
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- no fix listed
- no fix listed
Is CVE-2022-40871 being exploited?
Likely — EPSS is 51.6%, placing CVE-2022-40871 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, <= 15.0.3
- from 0, <= 15.0.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL (9.8) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |