Skip to main content

Incorrect Default Permissions

CVE-2022-40871

Severity High
Score 9.8/10

Summary

Dolibarr ERP and CRM versions through 15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Advisory Timeline

  • Published