CVE-2021-33816
PUBLISHED
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
Risk Scores
- EPSS Score: 2.57% (85.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | dolibarr | 0, 3.5.5+dfsg1-2, 3.5.7+dfsg1-1 |
Exploit Intelligence
- http://seclists.org/fulldisclosure/2021/Nov/39 (nist-nvd)
- https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt (nist-nvd)
- https://trovent.io/security-advisory-2106-01 (nist-nvd)
- Dolibarr ERP / CRM 13.0.2 Remote Code Execution Vulnerability (0day-today)
Timeline
- Nov 10, 2021 CVE Published
- Nov 10, 2021 PoC Published
- Nov 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Mar 2, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jun 21, 2022 EPSS Score
- Aug 17, 2022 EPSS Score
- Oct 11, 2022 EPSS Score
- Nov 17, 2022 CVE Updated
- Jan 30, 2023 EPSS Score
- Mar 27, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-33816 third-party-advisory
- https://trovent.io/security-advisory-2106-01 third-party-advisory
- https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-33816 third-party-advisory