Lucene search
GitHub Advisory DatabaseGHSA-R9CM-PW9J-3FPXHistoryNov 01, 2023 - 9:30 a.m.
Dolibarr Improper Input Validation vulnerability
2023-11-0109:30:53
CWE-20
CWE-74
GitHub Advisory Database
github.com
12
dolibarr
input validation
vulnerability
erp
crm
php code
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
29.7%
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
Affected configurations
Node
dolibarrdolibarrRange<18.0.2
Related
nvd
nvd
CVE-2023-4197
2023-11-01 08:15:07
prion
prion
Input validation
2023-11-01 08:15:00
cvelist
cvelist
veracode
veracode
Remote Code Execution (RCE)
2023-11-02 07:56:19
cve
cve
CVE-2023-4197
2023-11-01 08:15:07
vulnrichment
vulnrichment
osv
osv
Dolibarr Improper Input Validation vulnerability
2023-11-01 09:30:53
CVE-2023-4197
2023-11-01 08:15:07
ubuntucve
ubuntucve
CVE-2023-4197
2023-11-01 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
29.7%
Related for GHSA-R9CM-PW9J-3FPX