CVE-2023-30253
Published: 29 May 2023
Summary
CVE-2023-30253 is a high-severity OS Command Injection (CWE-78) vulnerability in Dolibarr ERP/CRM. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Dolibarr, an open-source ERP and CRM platform, is affected by CVE-2023-30253 in all versions prior to 17.0.1. The vulnerability is classified as an OS command injection flaw (CWE-78) and permits remote code execution: an authenticated user can supply a PHP opening tag in an uppercase or mixed-case variant such as <?PHP, which the application's input filter does not recognise (it only matches the lowercase <?php) but which the PHP interpreter accepts, since PHP open tags are case-insensitive. The injected content is written to the server and executed as PHP when the affected page is rendered, giving the attacker arbitrary code execution with the web server's privileges.
An attacker with a low-privileged authenticated account can exploit the issue over the network without user interaction, achieving full control over the application and underlying system, as reflected in the CVSS 8.8 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Public advisories published by Swascan and the Dolibarr project on GitHub identify the root cause and direct administrators to upgrade to version 17.0.1 or later. The associated EPSS score has remained consistently high, reaching a peak of 0.9043 and currently sitting at 0.8918, indicating sustained exploitation interest following disclosure.
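The bug class behind this CVE, as an added illustrative example (not Dolibarr's own code, and not the project's actual filter): a case-sensitive tag filter that strips only the exact string <?php, bypassed by <?PHP, beside a hardened check. The function names and the sample inputs are hypothetical and constructed for this page. The example also goes slightly beyond the CVE text to show why a strip-and-save filter fails even when made case-insensitive (a nested tag survives one pass of str_replace), which is why the hardened version rejects the content instead of sanitising it.

```php
<?php
// Added example, not Dolibarr's code. Models the CVE-2023-30253 bug class:
// a case-sensitive PHP open-tag filter bypassed with "<?PHP".
declare(strict_types=1);

/** Weak filter (hypothetical): strips only the exact lowercase open tag. */
function weakStripPhp(string $content): string
{
    return str_replace('<?php', '', $content);
}

/**
 * Case-insensitive check (hypothetical): what a minimal fix of the weak
 * filter looks like. Matches "<?php", "<?PHP", "<?PhP" and the echo tag
 * "<?=", which the PHP lexer accepts regardless of short_open_tag.
 */
function containsPhpOpenTag(string $content): bool
{
    return preg_match('/<\?(?:php|=)/i', $content) === 1;
}

/**
 * Hardened check (hypothetical): reject any "<?" at all. This also covers
 * the short tag "<?" (active when short_open_tag=On) and avoids the
 * strip-then-save pattern, which can be defeated by nesting one tag inside
 * another so that a single non-recursive replacement reassembles it.
 */
function isSafeContent(string $content): bool
{
    return preg_match('/<\?/', $content) !== 1;
}

// Constructed inputs (not real exploit payloads).
$samples = [
    'lowercase' => '<html><?php echo 1; ?></html>',
    'uppercase' => '<html><?PHP echo 1; ?></html>',   // the CVE bypass
    'mixed'     => '<html><?PhP echo 1; ?></html>',
    'echo_tag'  => '<html><?= 1 ?></html>',
    'nested'    => '<html><?p<?phphp echo 1; ?></html>', // survives strip
    'benign'    => '<html><p>no code here</p></html>',
];

foreach ($samples as $name => $input) {
    $afterWeak = weakStripPhp($input);
    printf(
        "%-10s weak filter leaves a PHP tag: %-3s  hardened check rejects: %s\n",
        $name,
        containsPhpOpenTag($afterWeak) ? 'yes' : 'no',
        isSafeContent($input) ? 'no' : 'yes'
    );
}
```

Run with php on the command line; the weak filter clears only the lowercase sample, while the uppercase, mixed-case, echo-tag and nested samples all reach the server with a live open tag. Rejecting on any <? is the practical rule for user-editable content that is later included or executed by the application; if the content must legitimately contain processing instructions such as <?xml, store it outside any path the interpreter executes rather than trying to sanitise it.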
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-1519
Vulnerability details
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
- CWE(s): CWE-78 (OS Command Injection)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Dolibarr ERP/CRM, all versions before 17.0.1 (fixed in 17.0.1).
Mitigating Controls