The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2022-5459 | The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. |
![]() |
GHSA-vxr9-p2xw-m8cf | Dolibarr remote PHP code execution |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-03T23:58:23.177Z
Reserved: 2021-06-03T00:00:00
Link: CVE-2021-33816

No data.

Status : Modified
Published: 2021-11-10T23:15:08.163
Modified: 2024-11-21T06:09:37.430
Link: CVE-2021-33816

No data.

No data.