CVE-2018-25357: Dolibarr ERP CRM 7.0.3 allows unauthenticated code execution

CVE-2018-25357
Summary

An unauthenticated attacker can send Dolibarr ERP CRM 7.0.3 a request containing malicious PHP code, which the server then executes without requiring a password. As a result, the attacker could potentially access and control the system. To protect your system, update to a fixed version of Dolibarr ERP CRM.

Original title
Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers ...
Original description
Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter.
nvd CVSS3.1 9.8
nvd CVSS4.0 9.3
Vulnerability type
CWE-94 Code Injection
Published: 23 May 2026 · Updated: 30 May 2026 · First seen: 26 May 2026
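
A defender can look for the request sequence in the description (a POST to install/step1.php, then a request to check.php carrying a cmd parameter) in web server access logs. The following is an added example, not code from this page or from the Dolibarr project; it assumes common/combined log format, and the sample log lines, IP addresses, paths other than install/step1.php and check.php, and cmd values are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def scan(lines):
    """Return (ip, timestamp, finding) tuples for requests matching the advisory."""
    posted_installer = set()  # clients already seen POSTing to install/step1.php
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        url = urlsplit(m["target"])
        path = url.path.lower()
        ip, ts = m["ip"], m["ts"]
        if m["method"] == "POST" and path.endswith("/install/step1.php"):
            posted_installer.add(ip)
            findings.append((ip, ts, "installer-post"))
        elif path.endswith("/check.php") and "cmd" in parse_qs(
            url.query, keep_blank_values=True
        ):
            # Escalate when the same client touched the installer earlier.
            kind = "post-then-cmd" if ip in posted_installer else "cmd-param"
            findings.append((ip, ts, kind))
    return findings

# Constructed sample lines (documentation IP ranges, placeholder cmd value).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /install/step1.php HTTP/1.1" 200 900',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /check.php?cmd=CONSTRUCTED HTTP/1.1" 200 40',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /check.php?cmd=CONSTRUCTED HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /check.php HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs normally omit POST bodies, so "installer-post" marks any POST to the installer step for review rather than confirming injection into db_name.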