CVE-2026-31019
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP funct
CVSS
8.8
Alto
EPSS
0.6%
p43
KEV
—
Exploit Today
13
0-100
Publicado: 21 abr 2026 · Última mod.: 5 jul 2026 · CWE-78
0.6%EPSS · 30 días0.6%
2026-06-302026-07-17
In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code execution with the ability to execute arbitrary operating system commands on the server.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2024-121210.0 CRÍ99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability4dCVE-2026-398089.8 CRÍ99.7%
KEV—80Fortinet FortiSandbox OS Command Injection Vulnerability23hCVE-2022-262589.8 CRÍ99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability9dCVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability3dCVE-2021-252988.8 ALT99.5%
KEV—80Nagios XI OS Command Injection9d