Dolibarr ERP CRM Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Dolibarr ERP CRM versions up to and including 7.0.3. The installer script install/step1.php takes the database name from the db_name POST parameter and writes it into the PHP configuration file it generates without validating or escaping it. A value that closes the string literal and continues with PHP code therefore becomes part of that file's source, and the code runs whenever the file is included, for example when install/check.php is requested. No credentials are required: any client that can reach the installer can send one POST to install/step1.php carrying the payload and then execute arbitrary commands by requesting install/check.php with a cmd GET parameter. Note that cmd is not a Dolibarr parameter; it is read by the attacker's injected code, so its name is whatever the payload chose.

Impact

Successful exploitation gives an unauthenticated attacker arbitrary code execution on the server hosting Dolibarr, in the context of the web server user. Because the injected code lives in the configuration file, the attacker also gains the database credentials stored alongside it, and the foothold persists until the file is rewritten.

Reproduction

To reproduce this vulnerability, deploy a fresh, unconfigured copy of Dolibarr ERP CRM 7.0.3 so that the install/ directory is reachable and has not been locked. Then:

1. Open the installation page and click 'Next Step' so the installer creates its sample configuration file.
2. Send a POST request to 'install/step1.php' in which the 'db_name' parameter closes the quoted value and appends PHP code.
3. After the request is processed, request 'install/check.php' with the 'cmd' GET parameter set to the command to run; the injected code executes it on the server.

The same conditions are what make a production host exposed: the installer must still be reachable by an unauthenticated client.
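The PHP below is an added illustration for this advisory, not Dolibarr's own code. It shows the unsafe pattern described above (a request value spliced straight into the source of a generated configuration file) next to a hardened writer that validates the value and emits it with var_export(), and adds a small audit function that flags a configuration file whose assignments are no longer plain quoted literals, which is a quick way to triage a host whose installer may have been reached. The function names, the variable name $dolibarr_main_db_name, the accepted character set and the sample payload are assumptions made for the illustration.

```php
<?php
// Added illustration (not Dolibarr's code) of the bug class in this advisory:
// an installer that writes an HTTP parameter into PHP source. Names and the
// sample payload are constructed for the example.

// VULNERABLE: the request value is spliced into the source text as-is.
// A value such as  x';system($_GET['cmd']);//  closes the literal and appends
// attacker PHP that runs whenever the generated file is included.
function writeConfUnsafe(string $dbName): string
{
    return "<?php\n\$dolibarr_main_db_name='" . $dbName . "';\n";
}

// HARDENED: reject anything outside the character set a database name may
// use, then emit the value with var_export(), which escapes quotes and
// backslashes so the value can never terminate the literal.
function writeConfSafe(string $dbName): string
{
    if (!preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $dbName)) {
        throw new InvalidArgumentException('database name contains disallowed characters');
    }
    return "<?php\n\$dolibarr_main_db_name=" . var_export($dbName, true) . ";\n";
}

// AUDIT: true only when every $dolibarr_main_* assignment is a single quoted
// string literal followed by a semicolon and nothing else. Injected code
// shows up as extra tokens on the line and makes this return false.
function confLooksClean(string $confSource): bool
{
    foreach (preg_split('/\R/', $confSource) as $line) {
        $line = trim($line);
        if ($line === '' || $line === '<?php' || $line === '?>' || substr($line, 0, 2) === '//') {
            continue;
        }
        if (!preg_match('/\A\$dolibarr_main_\w+\s*=\s*\'(?:[^\'\\\\]|\\\\.)*\'\s*;\z/', $line)) {
            return false;
        }
    }
    return true;
}

// Constructed demonstration input: the shape of payload the advisory describes.
// It is only printed here, never evaluated.
$payload = "x';system(\$_GET['cmd']);//";

$tampered = writeConfUnsafe($payload);
echo $tampered;                       // the injected call is now PHP source
var_dump(confLooksClean($tampered));  // bool(false)

$safe = writeConfSafe('dolibarr');
echo $safe;
var_dump(confLooksClean($safe));      // bool(true)

try {
    writeConfSafe($payload);          // rejected before anything is written
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The audit regex is deliberately strict: a legitimate generated file only ever contains simple assignments, so anything richer (a second statement, a function call, a comment marker after the literal) is worth a manual look rather than an exception in the pattern.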

Remediation

Users are advised to upgrade to Dolibarr ERP CRM version 7.0.4 or later, where this vulnerability has been fixed. Independently of the version, the installer should not be reachable on a production host: lock it as the Dolibarr documentation describes (an install.lock file in the documents directory) or remove or block access to the install/ directory entirely. Hosts that were exposed before the upgrade should have their configuration file inspected for injected code, since upgrading does not rewrite it.

Added: May 26, 2026, 9:10 PM
Updated: May 26, 2026, 9:10 PM

Vulnerability Rating

Custom Algorithm

spread          5.0
impact          7.5
exploitability  9.5
remediation     0.0
relevance       9.2
threat          6.4
urgency         2.9
incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.