7 matches found
CVE-2026-23500
Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...
Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration
Summary An authenticated administrator can execute arbitrary operating system commands by injecting a malicious payload into the MAINODTASPDF configuration constant. This vulnerability exists because the application fails to properly validate or escape the command path before passing it to the ex...
CVE-2026-23500
Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...
CVE-2026-23500 Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration
Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...
CVE-2026-23500
Dolibarr Dolibarr ERP/CRM prior to 23.0.0 is vulnerable to OS Command Injection via MAIN_ODT_AS_PDF in odf.php. An authenticated administrator can inject arbitrary commands by injecting into the MAIN_ODT_AS_PDF configuration constant, using command separators to execute as the web server user whe...
Dolibarr 安全漏洞
Dolibarr is an open-source application developed by Dolibarr developers. It helps manage activities of user organizations. Versions of Dolibarr prior to 23.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the process of converting ODT files to PDF, where configuration...
📄 Dolibarr 22.0.4 Command Injection
Dolibarr versions 22.0.4 and below suffer from a remote code injection vulnerability via via MAINODTASPDF. CVE-2026-23500: OS Command Injection RCE via MAINODTASPDF configuration in Dolibarr Overview | Field | Details | |---|---| | CVE ID | CVE-2026-23500 | | Severity | CRITICAL | | Advisory |...