cvedb.io
CVE-2022-40871
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-10-12T12:15:09.657 · Last modified 2026-06-17T05:02:10.280

Summary

Dolibarr ERP & CRM <=15.0.3 is vulnerable to eval injection. By default, any administrator can be added to the installation page of Dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval.

Affected products

dolibarr — dolibarr_erp/crm

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.