CVE-2018-25357 – Dolibarr ERP CRM 7.0.3 Remote Code Evaluation via install/step1.php

CVE ID :CVE-2018-25357

Published : May 23, 2026, 6:32 p.m. | 1 hour, 25 minutes ago

Description :Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…