CVE-2018-25357 – Dolibarr ERP CRM 7.0.3 Remote Code Evaluation via install/step1.php

CVE ID :CVE-2018-25357

Published : May 23, 2026, 6:32 p.m. | 1 hour, 25 minutes ago

Description :Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2018-25358 – D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

CVE-2018-25356 – SIPp 3.6 Local Buffer Overflow via Command-line Arguments

CVE-2018-25355 – Audiograbber 1.83 Local Buffer Overflow via SEH

CVE-2018-25354 – Joomla Component jomres 9.11.2 Cross-Site Request Forgery