Description
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is passed to PHP's `eval()` function without adequate sanitization, allowing authenticated administrators to execute arbitrary PHP code on the server. As of time of publication, no patched versions are available.
Remediation
References
Related Vulnerabilities
Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.10)
WordPress Plugin WordPress Simple Shop Cross-Site Scripting (1.2)
IBM WebSEAL CVE-2018-1850 Vulnerability (CVE-2018-1850)
WordPress Plugin Custom Dashboard & Login Page-AGCA Cross-Site Scripting (6.9.1)
WordPress Plugin FV Flowplayer Video Player Multiple Vulnerabilities (7.3.14.727)