CVE-2023-30253

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in packagist/dolibarr/dolibarr

Identifiers

CVE-2023-30253, GHSA-9wqr-5jp4-mjmh

Package Slug

packagist/dolibarr/dolibarr

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

Affected Versions

All versions before 17.0.1

Solution

Upgrade to version 17.0.1 or above.
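
One way to check a Composer project against the affected range above. This is an added example, not part of the advisory or of Dolibarr's code; it assumes the project pins dependencies in a standard composer.lock, and the helper names and the sample lock content are constructed for illustration.

```python
import json

PACKAGE = "dolibarr/dolibarr"   # package slug from the advisory (packagist)
FIXED = (17, 0, 1)              # first fixed version per the advisory


def parse_version(raw):
    """Turn '17.0.0' or 'v16.0.5' into a comparable 3-part tuple.

    Returns None for anything that is not purely numeric (branch aliases
    such as 'dev-develop', pre-release suffixes such as '17.0.1-beta'),
    so those entries get reviewed by hand instead of being guessed at.
    """
    parts = raw.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def audit_lock(lock_text):
    """Return (version, status) for each locked entry of PACKAGE."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            raw = pkg.get("version", "")
            parsed = parse_version(raw)
            if parsed is None:
                status = "review"      # cannot be compared automatically
            elif parsed < FIXED:
                status = "affected"    # before 17.0.1
            else:
                status = "fixed"
            findings.append((raw, status))
    return findings


# Constructed sample input, not a real project's lock file.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "dolibarr/dolibarr", "version": "17.0.0"},
        {"name": "example/other", "version": "1.2.3"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for version, status in audit_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version}: {status}")
```

Entries reported as "review" carry no plain version number and should be resolved to a concrete release before deciding whether they fall before 17.0.1.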

Last Modified

2023-05-31
