Published: 10/11/2021 Updated: 17/11/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dolibarr dolibarr erp\\/crm 13.0.2

Dolibarr ERP and CRM version 1302 suffer from a remote code execution vulnerability ...

Full Disclosure mailing list archives   By Date By Thread </form>    Trovent Security Advisory 2106-01 / CVE-2021-33816: Authenticated remote code execution in Dolibarr ERP & CRM <!-- ...

oss-sec mailing list archives   By Date By Thread </form>    Trovent Security Advisory 2106-01 / CVE-2021-33816: Authenticated remote code execution in Dolibarr ERP & CRM <!--X-Subjec ...

CWE-94 https://trovent.io/security-advisory-2106-01 https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt http://seclists.org/fulldisclosure/2021/Nov/39 https://nvd.nist.gov https://packetstormsecurity.com/files/164923/Dolibarr-ERP-CRM-13.0.2-Remote-Code-Execution.html

CVE-2021-33816

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect