File Upload Vulnerability in Dolibarr ERP CRM by Dolibarr
CVE-2023-38887

8.8HIGH

Key Information:

Vendor: Dolibarr
Status: Dolibarr Erp\/crm
Vendor: CVE Published:; 20 September 2023

What is CVE-2023-38887?

A vulnerability in Dolibarr ERP CRM versions prior to 17.0.1 allows remote attackers to exploit improper handling of file uploads. This can lead to arbitrary code execution and unauthorized access to sensitive information through vulnerabilities in the extension filtering and renaming functions. Users are advised to update to the latest version and implement best security practices to mitigate risks.

References

http://dolibarr.com

https://akerva.com/wp-content/uploads/2023/09/AKERVA_Secu...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Jul 25, 2023

JSON