漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page creation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dolibarr ERP & CRM 安全漏洞
Vulnerability Description
Dolibarr ERP & CRM是Dolibarr开源的一个企业管理软件。 Dolibarr ERP & CRM 22.0.4及之前版本存在安全漏洞,该漏洞源于网站模块中PHP代码检测和编辑权限执行不一致,允许被限制为HTML/JavaScript编辑的认证用户通过未受保护的输入注入PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A