CVE-2023-30253, GHSA-9wqr-5jp4-mjmh
packagist/dolibarr/dolibarr
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
All versions before 17.0.1
Upgrade to version 17.0.1 or above.
2023-05-31
source |