VYPR
High severity · NVD Advisory · Published Sep 20, 2023 · Updated Sep 25, 2024

CVE-2023-38886

Description

An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dolibarr ERP CRM versions up to 17.0.1 allow remote authenticated attackers to execute arbitrary code via a crafted command.

Vulnerability Analysis

The vulnerability CVE-2023-38886 resides in Dolibarr ERP CRM, an open-source business management suite. The issue affects versions 17.0.1 and earlier, allowing a remote privileged attacker to execute arbitrary code by sending a specially crafted command or script. This stems from insufficient input validation or improper handling of user-supplied data, enabling injection of malicious commands [1][2].

Exploitation Details

Exploitation requires a valid user account with privileges sufficient to access the vulnerable functionality. An attacker can craft a malicious command or script and deliver it through HTTP requests to the application. The attack is carried out remotely over the web interface; because Dolibarr is typically deployed as a web application, no direct access to the server host is needed [2][4].

Impact

Successful exploitation leads to arbitrary code execution on the underlying server, in the context of the web server user. This can result in full compromise of the CRM/ERP system, including data theft, modification, or destruction, and may serve as a pivot point for further attacks within the network [2].

Mitigation

The Dolibarr project has addressed this vulnerability in a later release. Users are strongly advised to upgrade to a patched version (e.g., 17.0.2 or newer) as soon as possible. No workarounds have been publicly documented, and the vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities Catalog [1][4].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package             Ecosystem   Affected versions   Patched versions
dolibarr/dolibarr   Packagist   < 17.0.1            17.0.1

Affected products: 3

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0

No linked articles in our index yet.