CVE-2021-33816

Improper Control of Generation of Code ('Code Injection') in packagist/dolibarr/dolibarr

Identifiers

CVE-2021-33816

Package Slug

packagist/dolibarr/dolibarr

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

The website builder module in Dolibarr allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.

Affected Versions

Version 13.0.2

Solution

Upgrade to version 13.0.3 or above.

Last Modified

2021-11-15
