3 matches found
GHSA-W5J3-8FCR-H87W Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration
Summary An authenticated administrator can execute arbitrary operating system commands by injecting a malicious payload into the MAINODTASPDF configuration constant. This vulnerability exists because the application fails to properly validate or escape the command path before passing it to the ex...
CVE-2026-23500 Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration
Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...
Exploit for CVE-2026-23500
CVE-2026-23500: OS Command Injection RCE via MAINODTASPDF...