{"id":"CVE-2018-25357","details":"Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter.","aliases":["GHSA-hxmh-2xc4-c894"],"modified":"2026-07-08T20:04:36.974802Z","published":"2026-05-23T19:16:56.033Z","references":[{"type":"WEB","url":"https://dolibarr.org"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/dolibarr-erp-crm-remote-code-evaluation-via-install-step1-php"},{"type":"PACKAGE","url":"https://github.com/Dolibarr/dolibarr"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/44964"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dolibarr/dolibarr","events":[{"introduced":"0"},{"last_affected":"edec89ef1e23b0310b77a60b71110a15533110b2"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"7.0.3"}]}}],"versions":["7.0.3","7.0.2","7.0.0","7.0.1","6.0.0-beta","5.0.0-beta","4.0.0-rc","3.8.0-beta","3.7.1","3.7.0","3.6.2","3.6.1","3.6.0","3.6.0-beta","3.6.beta1_20140514","3.6.0-alpha","3.5.beta1_20131120","3.5.beta1_20131106","3.4.beta1_20130502","3.4.beta1_20130429","3.3.beta1_20121221"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25357.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}