Description
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
Remediation
References