漏洞描述
Dolibarr edit.php 存在远程命令执行漏洞,攻击者通过逻辑漏洞创建管理员后可以通过后台漏洞获取服务器权限
Dolibarr edit.php 远程命令执行漏洞 (CVE-2022-40871)
PoC代码
暂无相关漏洞推荐
- POCCVE-2012-1226: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
- POCCVE-2018-10095: Dolibarr <7.0.2 - Cross-Site Scripting
- POCCVE-2023-33568: Dolibarr Unauthenticated Contacts Database Theft
- POCCVE-2024-5315: Dolibarr ERP CMS `list.php` - SQL Injection
- POCCVE-2012-1226: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
- POCCVE-2018-10095: Dolibarr <7.0.2 - Cross-Site Scripting
- POCCVE-2023-33568: Dolibarr Unauthenticated Contacts Database Theft
- POCCVE-2024-5315: Dolibarr ERP CMS `list.php` - SQL Injection
- 无POCDolibarr ERP CRM export.php 命令注入漏洞
- 无POCDolibarr ERP和CRM套件菜单编辑器dol_eval函数代码注入漏洞
- 无POCDolibarr CVE-2022-0224 SQL注入漏洞
- 无POCDolibarr存在信息泄漏漏洞(CVE-2023-33568)