Fluid Attacks Database

Description

Dolibarr Improper Input Validation vulnerability Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	dolibarr/dolibarr	>=0 <18.0.2	18.0.2

Aliases

1. CVE-2023-41972. NVD-2023-41973. OSV-2023-41974. GCVE-2023-4197

References

1. https://github.com/Dolibarr/dolibarr/commit/0ed6a63fb06be88be5a4f8bcdee83185eee4087e2. https://starlabs.sg/advisories/23/23-41973. https://github.com/alienkeric/CVE-2023-4197

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.