The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-5459 The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
Github GHSA Github GHSA GHSA-vxr9-p2xw-m8cf Dolibarr remote PHP code execution
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-03T23:58:23.177Z

Reserved: 2021-06-03T00:00:00

Link: CVE-2021-33816

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-10T23:15:08.163

Modified: 2024-11-21T06:09:37.430

Link: CVE-2021-33816

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.