Dolibarr 23.0.0: PHP eval() whitelist bypass → RCE via two bugs (CVE-2026-22666)(jivasecurity.com)
jivasecurity.com
Dolibarr 23.0.0: PHP eval() whitelist bypass → RCE via two bugs (CVE-2026-22666)
https://jivasecurity.com/writeups/dolibarr-remote-code-execution-cve-2026-22666
1 コメント
Root cause analysis and full PoC. Coordinated disclosure — patch is available as of 4/4/2026