5 matches found
OS Command Injection
dolibarr/dolibarr is vulnerable to OS Command Injection. The vulnerability is due to improper validation and escaping of the MAIN_ODT_AS_PDF configuration input before passing it to the exec function, which allows an attacker to execute arbitrary operating system commands...
GHSA-W5J3-8FCR-H87W Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration
Summary: An authenticated administrator can execute arbitrary operating system commands by injecting a malicious payload into the MAIN_ODT_AS_PDF configuration constant. This vulnerability exists because the application fails to properly validate or escape the command path before passing it to the ex...
CVE-2026-23500
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0, the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed to exec without...
CVE-2026-23500 Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0, the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed to exec without...
Exploit for CVE-2026-23500
CVE-2026-23500: OS Command Injection (RCE) via MAIN_ODT_AS_PDF...