漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code execution with the ability to execute arbitrary operating system commands on the server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dolibarr ERP & CRM 安全漏洞
Vulnerability Description
Dolibarr ERP & CRM是Dolibarr开源的一个企业管理软件。 Dolibarr ERP & CRM 22.0.4及之前版本存在安全漏洞,该漏洞源于网站模块使用基于黑名单的过滤来限制危险的PHP函数,允许具有PHP内容编辑权限的认证用户绕过过滤,导致完全远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A