CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2018-25357 — Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allo...

·Source: NIST NVD

Updated:

Executive Summary

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter.

Analysis

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter. CVSS Score: 9.8. Published: 2026-05-23T19:16:56.033.

Indicators of Compromise (1)

CVE (1)
CVE-2018-25357
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 23, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Trump administration releases scaled-back AI executive order

The order – which Trump refrained from signing at the last minute, appears to make significant concessions to industry compared to earlier drafts. The post Trump administration releases scaled-back AI executive order appeared first on CyberScoop .

CyberScoop
MEDIUMVulnerabilityNEW

Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis

As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control. The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerabilityNEW

Russia claims foreign spy agencies hacked officials' phones

In a statement, Russia's Federal Security Service (FSB) said it had uncovered what it described as a "large-scale operation" involving malicious software installed on the mobile devices of senior Russian officials.

The Record