What is GHSA-hxmh-2xc4-c894?

GHSA-hxmh-2xc4-c894 is a security advisory published by GitHub Security Advisories with Critical severity. Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows...

Which CVE IDs does GHSA-hxmh-2xc4-c894 cover?

GHSA-hxmh-2xc4-c894 covers the following CVE IDs: CVE-2018-25357. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-hxmh-2xc4-c894?

GHSA-hxmh-2xc4-c894 has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-hxmh-2xc4-c894CriticalCVSS 9.8

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2018-25357 →

📋 Description

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2018-25357
https://dolibarr.org
https://github.com/Dolibarr/dolibarr
https://www.exploit-db.com/exploits/44964
https://www.vulncheck.com/advisories/dolibarr-erp-crm-remote-code-evaluation-via-install-step1-php
https://github.com/advisories/GHSA-hxmh-2xc4-c894