logo

Database

Remote command execution In dolibarr/dolibarr

Description

Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-388862. NVD-2023-388863. OSV-2023-388864. GCVE-2023-38886

References

1. https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf2. http://dolibarr.com

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.