Sign in Get started

← All advisories

High severityNVD Advisory· Published May 29, 2023· Updated Jan 14, 2025

CVE-2023-30253

CVE-2023-30253

Description

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
dolibarr/dolibarrPackagist	< 17.0.1	17.0.1

Affected products

1

Dolibarr/Dolibarrdescription

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

github.com/advisories/GHSA-9wqr-5jp4-mjmhghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-30253ghsaADVISORY
www.swascan.com/blogghsaWEB
www.swascan.com/security-advisory-dolibarr-17-0-0ghsaWEB
www.swascan.com/blog/mitre
www.swascan.com/security-advisory-dolibarr-17-0-0/mitre

News mentions

1

Metasploit Wrap-Up 05/15/2026
Rapid7 Blog · May 15, 2026