High severityNVD Advisory· Published Nov 1, 2023· Updated Sep 5, 2024
Dolibarr ERP CRM (<= 18.0.1) Improper Input Sanitization Authenticated RCE
CVE-2023-4197
Description
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dolibarr/dolibarrPackagist | < 18.0.2 | 18.0.2 |
Affected products
3- osv-coords2 versions
<= 18.0.1+ 1 more
- (no CPE)range: <= 18.0.1
- (no CPE)range: < 18.0.2
Patches
Vulnerability mechanics
References
4- github.com/Dolibarr/dolibarr/commit/0ed6a63fb06be88be5a4f8bcdee83185eee4087eghsapatchWEB
- github.com/advisories/GHSA-r9cm-pw9j-3fpxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-4197ghsaADVISORY
- starlabs.sg/advisories/23/23-4197ghsathird-party-advisoryWEB
News mentions
0No linked articles in our index yet.