cvelist | STAR_Labs | CVELIST:CVE-2023-4197
History: Nov 01, 2023 - 7:58 a.m.

CVE-2023-4197 Dolibarr ERP CRM (<= 18.0.1) Improper Input Sanitization Authenticated RCE

2023-11-01 07:58:56
CWE-20
STAR_Labs
raw.githubusercontent.com
cve-2023-4197; dolibarr erp crm; input sanitization; authenticated rce

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 28.9%)

Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
