Cyber Resilience

CVE-2023-30253

Severity: High · Public PoC · RCE

Published: 29 May 2023
Modified: 14 January 2025
CVSS v3.1 base score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.8918 (99.6th percentile)
Risk priority: 71 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-30253 is a high-severity OS command injection (CWE-78) vulnerability in Dolibarr ERP/CRM. Its CVSS v3.1 base score is 8.8 (High).

Operationally, it is ranked in the top 0.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Dolibarr, an open-source ERP and CRM platform, is affected by CVE-2023-30253 in all versions prior to 17.0.1. The vulnerability is an OS command injection flaw (CWE-78) that permits remote code execution when an authenticated user supplies a PHP opening tag in an uppercase variant such as <?PHP: the existing input filter matches only the lowercase form, while the PHP parser accepts the opening tag case-insensitively, so the injected data is written to the server and executed as arbitrary code.

An attacker with a low-privileged authenticated account can exploit the issue over the network without user interaction, achieving full control over the application and underlying system, as reflected in the CVSS 8.8 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Public advisories published by Swascan and the Dolibarr project on GitHub identify the root cause and direct administrators to upgrade to version 17.0.1 or later. The associated EPSS score has remained consistently high, reaching a peak of 0.9043 and currently sitting at 0.8918, indicating sustained exploitation interest following disclosure.

Vulnerability details

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

CWE(s)

CWE-78: OS Command Injection

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dolibarr
Product: dolibarr erp/crm
Versions: ≤ 17.0.1

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Control (addresses CWE-78): Platform-independent applications typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

Control (addresses CWE-78): Validates inputs to block special elements that would alter OS command execution.
