EUVD-2026-19606
GHSA-m6qg-6w6h-v59x
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5Description
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator privileges can inject malicious payloads through computed extrafields or other evaluation paths using PHP dynamic callable syntax to bypass validation and achieve arbitrary command execution via eval().
Analysis
Remote code execution in Dolibarr ERP/CRM versions prior to 23.0.2 allows authenticated administrators to execute arbitrary system commands by exploiting inadequate input validation in the dol_eval_standard() function. The vulnerability enables attackers to bypass security controls using PHP dynamic callable syntax through computed extrafields or other evaluation paths. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Dolibarr deployments and identify instances running versions prior to 23.0.2; restrict administrative access to trusted personnel only and review recent admin account activity logs. Within 7 days: Upgrade all affected Dolibarr instances to version 23.0.2 or later. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today