Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.8 views

CVE-2026-23500

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...

9.4CVSS6.4AI score0.00922EPSS
Exploits3References1
Github Security Blog
Github Security Blog
added 2026/04/17 9:24 p.m.7 views

Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration

Summary An authenticated administrator can execute arbitrary operating system commands by injecting a malicious payload into the MAINODTASPDF configuration constant. This vulnerability exists because the application fails to properly validate or escape the command path before passing it to the ex...

9.4CVSS6.1AI score0.00922EPSS
Exploits3References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:25 p.m.10 views

CVE-2026-23500

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...

9.4CVSS6.5AI score0.00922EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2026/04/17 8:25 p.m.18 views

CVE-2026-23500 Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...

9.4CVSS0.00922EPSS
Exploits3References2
CVE
CVE
added 2026/04/17 8:25 p.m.12 views

CVE-2026-23500

Dolibarr Dolibarr ERP/CRM prior to 23.0.0 is vulnerable to OS Command Injection via MAIN_ODT_AS_PDF in odf.php. An authenticated administrator can inject arbitrary commands by injecting into the MAIN_ODT_AS_PDF configuration constant, using command separators to execute as the web server user whe...

9.4CVSS6.5AI score0.00922EPSS
Exploits3References2Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

Dolibarr 安全漏洞

Dolibarr is an open-source application developed by Dolibarr developers. It helps manage activities of user organizations. Versions of Dolibarr prior to 23.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the process of converting ODT files to PDF, where configuration...

9.4CVSS6.3AI score0.00922EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.131 views

📄 Dolibarr 22.0.4 Command Injection

Dolibarr versions 22.0.4 and below suffer from a remote code injection vulnerability via via MAINODTASPDF. CVE-2026-23500: OS Command Injection RCE via MAINODTASPDF configuration in Dolibarr Overview | Field | Details | |---|---| | CVE ID | CVE-2026-23500 | | Severity | CRITICAL | | Advisory |...

9.4CVSS6AI score0.00922EPSS
Exploits3
Rows per page
Query Builder