logo

Database

OS Command Injection In dolibarr/dolibarr

Description

Dolibarr vulnerable to remote code execution via uppercase manipulation Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-302532. NVD-2023-302533. OSV-2023-302534. GCVE-2023-30253

References

1. https://www.swascan.com/blog2. https://www.swascan.com/security-advisory-dolibarr-17-0-03. https://github.com/Rubikcuv5/cve-2023-302534. https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/dolibarr_cms_rce_cve_2023_30253.rb

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.