Critical severity9.8NVD Advisory· Published May 23, 2026· Updated May 27, 2026
CVE-2018-25357
CVE-2018-25357
Description
Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/44964nvdExploitVDB Entry
- www.vulncheck.com/advisories/dolibarr-erp-crm-remote-code-evaluation-via-install-step1-phpnvdThird Party Advisory
- dolibarr.orgnvdProduct
News mentions
0No linked articles in our index yet.