Lucene search
GoogleOSV:CVE-2023-4197HistoryNov 01, 2023 - 8:15 a.m.
CVE-2023-4197
2023-11-0108:15:07
Google
osv.dev
4
input validation
dolibarr erp crm
php code injection
website creation
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
29.7%
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
Related
prion
prion
Input validation
2023-11-01 08:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-4197
2023-11-01 08:15:07
veracode
veracode
Remote Code Execution (RCE)
2023-11-02 07:56:19
cve
cve
CVE-2023-4197
2023-11-01 08:15:07
vulnrichment
vulnrichment
osv
osv
Dolibarr Improper Input Validation vulnerability
2023-11-01 09:30:53
ubuntucve
ubuntucve
CVE-2023-4197
2023-11-01 00:00:00
github
github
Dolibarr Improper Input Validation vulnerability
2023-11-01 09:30:53
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
29.7%
Related for OSV:CVE-2023-4197