Critical severityNVD Advisory· Published Oct 12, 2022· Updated May 15, 2025
CVE-2022-40871
CVE-2022-40871
Description
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dolibarr/dolibarrPackagist | <= 15.0.3 | — |
Affected products
3- Dolibarr/ERP & CRMdescription
- osv-coords2 versions
<= 15.0.3+ 1 more
- (no CPE)range: <= 15.0.3
- (no CPE)range: <= 15.0.3
Patches
Vulnerability mechanics
References
2- github.com/advisories/GHSA-7cm4-vmf2-8wf2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-40871ghsaADVISORY
News mentions
0No linked articles in our index yet.