Remote Code Execution (RCE)

2023-11-0207:56:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

remote code execution

dolibarr

website.lib.php

improper user inputs validation

arbitrary php code

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

29.7%

JSON

dolibarr/dolibarr is vulnerable to Remote Code Execution. This vulnerability exists in the dolKeepOnlyPhpCode function in website.lib.php due to improper user inputs validation, allowing an attacker to inject and execute arbitrary PHP code in the system.