CRITICAL
Dolibarr
CVE published 2026-05-23
CVE-2018-25357
A critical remote code execution vulnerability exists in Dolibarr ERP CRM 7.0.3. The vulnerability allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious payloads through the db_name parameter during the installation process. The attack vector involves sending a POST request to install/step1.php with crafted PHP code in the db_name parameter, followed by command execution vi [truncated]