CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-33816

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.026

EPSS Ranking 84.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://seclists.org/fulldisclosure/2021/Nov/39
https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt
https://trovent.io/security-advisory-2106-01
http://seclists.org/fulldisclosure/2021/Nov/39
https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt
https://trovent.io/security-advisory-2106-01

Products affected by CVE-2021-33816

Dolibarr » Dolibarr Erp/crm » Version: 13.0.2

cpe:2.3:a:dolibarr:dolibarr_erp/crm:13.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-33816

Products

Pricing

Contact Us