dolibarr/dolibarr
Fixed in
15.0.1
CVE-2022-0819 is a high-severity code-injection vulnerability in Dolibarr releases before 15.0.1. The flaw is in the dol_eval function in Dolibarr's core library (htdocs/core/lib/functions.lib.php), which evaluates strings with PHP's eval(): an attacker who can get a crafted string into that function executes arbitrary PHP, and through it operating-system commands, with the privileges of the web server process. The fix is in version 15.0.1.
The impact is severe. An attacker who exploits this vulnerability runs code as the web server user and can typically install arbitrary software, read and exfiltrate the data Dolibarr holds (customer records, invoices, the database credentials in the configuration file), and pivot to other systems reachable from the host. Because such an attacker can read every secret on the machine, all secrets and keys stored on a compromised system should be rotated immediately, from a different, trusted machine. The potential for data breaches and unauthorized access is high, which makes this a priority to remediate.
This vulnerability is rated HIGH severity because of the potential for full system compromise. Public proof-of-concept exploits are likely given that exploitation needs no special tooling once an attacker can supply input that reaches dol_eval. The disclosure date listed here is 2022-08-19. Organizations should prioritize remediation.
Organizations that use Dolibarr for CRM, ERP or other business-management functions are at risk if they run an unpatched release before 15.0.1. Instances on shared hosting deserve particular attention: code execution as the web server user may expose other tenants' data if the host does not isolate them.
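The pattern behind this advisory, as an added example that is not Dolibarr's code: a Python analogue of an evaluator that denylists dangerous tokens in the raw string before handing it to the interpreter, beside an allowlist AST evaluator that rejects anything but the syntax it expects. The FORBIDDEN list, the BYPASS string, the variable names and the sample expressions are constructed for the demonstration and are not dol_eval()'s actual filter or a real payload against Dolibarr.

```python
import ast
import builtins
import operator

# Constructed analogue (NOT Dolibarr's dol_eval): a denylist of dangerous
# tokens is checked against the raw text, then the text goes to eval().
FORBIDDEN = ("__import__", "exec", "eval", "system", "open", "subprocess")


def filtered_eval(expr: str, variables: dict):
    """Vulnerable: lexical denylist, then full interpreter access."""
    low = expr.lower()
    for token in FORBIDDEN:
        if token in low:
            raise ValueError(f"forbidden token {token!r}")
    # Like PHP's eval(), the expression runs with the whole language available.
    scope = {"__builtins__": builtins, **variables}
    return eval(expr, scope)  # noqa: S307 - intentionally unsafe


# The denylist is lexical but the interpreter is not: the name of a blocked
# function can be assembled at run time, so the check never sees it.
# Constructed bypass that only calls os.getcwd() to prove code ran.
BYPASS = "getattr(__builtins__, '__imp' + 'ort__')('os').getcwd()"

_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
            ast.Div: operator.truediv, ast.Mod: operator.mod}
_CMP_OPS = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
            ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge}


def safe_eval(expr: str, variables: dict):
    """Hardened: parse to an AST and walk an allowlist of node types.

    Calls, attribute access, subscripts and unknown names are rejected before
    anything is evaluated, so there is no string trick to bypass."""
    tree = ast.parse(expr, mode="eval")

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and isinstance(node.value, (int, float, str, bool)):
            return node.value
        if isinstance(node, ast.Name):
            if node.id not in variables:
                raise ValueError(f"unknown variable {node.id!r}")
            return variables[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            return _BIN_OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.Compare) and len(node.ops) == 1 and type(node.ops[0]) in _CMP_OPS:
            return _CMP_OPS[type(node.ops[0])](walk(node.left), walk(node.comparators[0]))
        if isinstance(node, ast.BoolOp):
            values = [walk(v) for v in node.values]
            return all(values) if isinstance(node.op, ast.And) else any(values)
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            return not walk(node.operand)
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return walk(tree)


def is_rejected(evaluator, expr: str, variables: dict = None) -> bool:
    """True if the evaluator refuses the expression instead of running it."""
    try:
        evaluator(expr, variables or {})
    except (ValueError, SyntaxError):
        return True
    return False


if __name__ == "__main__":
    rule = "price * qty > 100"
    print(filtered_eval(rule, {"price": 30, "qty": 4}), safe_eval(rule, {"price": 30, "qty": 4}))
    print("denylist catches literal:", is_rejected(filtered_eval, "__import__('os')"))
    print("denylist catches bypass:", is_rejected(filtered_eval, BYPASS))
    print("allowlist catches bypass:", is_rejected(safe_eval, BYPASS))
```

The point generalizes beyond this CVE: any design that filters a string and then passes it to eval() is only as strong as the filter's ability to predict every spelling the interpreter accepts, and in PHP, as in Python, that set is open-ended. A parser that produces a tree and evaluates only known-safe node kinds turns the question from "did we think of every bad input" into "did we allow exactly what we meant to".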
• php: Check the Dolibarr installation for modified copies of functions.lib.php (the file that defines dol_eval). A recent mtime is only a hint; compare file hashes against a clean copy of the same release, since an attacker can reset timestamps.
find /var/www/dolibarr/htdocs/core/lib/ -name functions.lib.php -mtime -7
• php: Check web server logs for PHP code-execution attempts. The error log only records payloads that failed to parse, so a successful injection leaves nothing there; URL-decode the access log and look for the same indicators.
grep -i 'eval(' /var/log/apache2/error.log
• generic web: Monitor Dolibarr instances for unexpected file modifications or creation, in particular new .php files in web-reachable directories.
• generic web: Review access logs for unusual requests targeting Dolibarr's core files.
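The log and file checks above, as an added example that is not from this page or from the Dolibarr project: it URL-decodes request targets from constructed Apache combined-log lines (repeatedly, because attackers double-encode to defeat naive greps) before matching code-injection indicators, and it builds and verifies a SHA-256 manifest of PHP files so that tampered and dropped files are caught even when mtime has been reset. The IP addresses, paths, query parameter and payloads are constructed; the real injection endpoint is not identified on this page.

```python
import hashlib
import re
import tempfile
import urllib.parse
from pathlib import Path

# Constructed Apache combined-log lines (not real traffic, not a real Dolibarr
# endpoint). Requests 2 and 4 carry URL-encoded PHP payloads that a plain
# `grep 'eval('` over the raw file would never see; request 4 is double-encoded.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [19/Aug/2022:10:01:02 +0000] "GET /dolibarr/index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Aug/2022:10:01:09 +0000] "GET /dolibarr/index.php?expr=1%29%3Bsystem%28%27id%27%29%3B%2F%2F HTTP/1.1" 200 44 "-" "curl/7.81.0"
198.51.100.4 - - [19/Aug/2022:10:02:30 +0000] "POST /dolibarr/user/card.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Aug/2022:10:03:15 +0000] "GET /dolibarr/index.php?expr=%2524%257B%2560whoami%2560%257D HTTP/1.1" 200 5123 "-" "curl/7.81.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# PHP execution sinks and template/shell markers worth a second look.
INDICATORS = re.compile(
    r"\b(system|exec|passthru|shell_exec|popen|proc_open|eval|assert|base64_decode)\s*\(|\$\{|`",
    re.IGNORECASE,
)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated URL encoding until the string stops changing."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_injection_attempts(log_text: str) -> list:
    """Return one record per request whose decoded target matches an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = fully_decode(m["target"])
        found = INDICATORS.search(target)
        if found:
            hits.append({"ip": m["ip"], "time": m["ts"], "status": m["status"],
                         "target": target, "indicator": found.group(0)})
    return hits


def build_manifest(root: Path) -> dict:
    """SHA-256 of every PHP file under root, keyed by POSIX relative path."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*.php"))}


def verify_manifest(root: Path, baseline: dict) -> dict:
    """Diff the tree against a baseline taken from a known-good install."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo_manifest() -> dict:
    """Constructed scenario in a temp dir: one core file tampered, one file dropped."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        lib = root / "core" / "lib"
        lib.mkdir(parents=True)
        (lib / "functions.lib.php").write_text("<?php /* constructed stand-in for the original */\n")
        baseline = build_manifest(root)
        (lib / "functions.lib.php").write_text("<?php /* constructed: tampered content */\n")
        (root / "cache.php").write_text("<?php /* constructed: dropped file */\n")
        return verify_manifest(root, baseline)


if __name__ == "__main__":
    for hit in find_injection_attempts(SAMPLE_ACCESS_LOG):
        print(hit["time"], hit["ip"], hit["indicator"], hit["target"])
    print(demo_manifest())
```

Two caveats a practitioner should keep in mind: access logs record only the request line, so payloads sent in a POST body are invisible to this scan and need application-level or WAF logging, and the manifest is only as trustworthy as the baseline, which must come from a clean copy of the same release, not from the possibly compromised host.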
Disclosure
Exploit status
EPSS
1.74% (82nd percentile)
CVSS vector
The primary mitigation for CVE-2022-0819 is to upgrade every affected Dolibarr instance to version 15.0.1 or later. There are no known configuration workarounds or WAF rules that reliably block this class of injection, because the dangerous string is evaluated server-side inside the application after any request filtering. If an instance may already have been exploited, patching alone is not enough: scan the host for signs of malicious activity, rotate all secrets and keys from a clean machine, and consider a full re-image, since an attacker with PHP execution may have planted persistence outside Dolibarr's directories.
Upgrade Dolibarr to version 15.0.1 or later; this release fixes the code-injection vulnerability. Take a backup before upgrading.
CVE-2022-0819 is a HIGH severity vulnerability in Dolibarr releases before 15.0.1 that allows attackers to inject and execute arbitrary PHP code, potentially leading to full system compromise.
If you are running any Dolibarr release before 15.0.1, you are vulnerable to this code-injection flaw. Immediate action is required.
Upgrade Dolibarr to version 15.0.1 or later to resolve this vulnerability. If upgrading is not immediately possible, reduce exposure rather than relying on input filtering: restrict administrative access to the instance (network allow-lists or VPN), limit which accounts can edit settings whose values are evaluated by the application, and watch the logs for the indicators listed above.
While no confirmed active exploitation campaigns are publicly known, the low effort needed to exploit it makes this a high-risk vulnerability. Proactive patching is essential.
Refer to the official Dolibarr security advisory for detailed information and updates: [https://www.dolibarr.org/security/dolibarr-security-advisories/](https://www.dolibarr.org/security/dolibarr-security-advisories/)