Lucene search
GoogleOSV:GHSA-R9CM-PW9J-3FPXHistoryNov 01, 2023 - 9:30 a.m.
Dolibarr Improper Input Validation vulnerability
2023-11-0109:30:53
Google
osv.dev
11
dolibarr
input validation
vulnerability
php code
website
attacker
software
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
29.7%
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
Related
nvd
nvd
CVE-2023-4197
2023-11-01 08:15:07
prion
prion
Input validation
2023-11-01 08:15:00
cvelist
cvelist
veracode
veracode
Remote Code Execution (RCE)
2023-11-02 07:56:19
cve
cve
CVE-2023-4197
2023-11-01 08:15:07
vulnrichment
vulnrichment
osv
osv
CVE-2023-4197
2023-11-01 08:15:07
ubuntucve
ubuntucve
CVE-2023-4197
2023-11-01 00:00:00
github
github
Dolibarr Improper Input Validation vulnerability
2023-11-01 09:30:53
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
29.7%
Related for OSV:GHSA-R9CM-PW9J-3FPX