by vicarius
log in join community
by @secatgourity
09 Jul 2024
#existing_exploit_analysis

Analyze a CVE exploitation

publish

Exploiting RCE in Dolibarr (CVE-2023-30253)

by @secatgourity
by @secatgourity
09 Jul 2024
#existing_exploit_analysis

Analyze a CVE exploitation

publish

Exploiting RCE in Dolibarr (CVE-2023-30253)

CVEs

CVE-2023-30253
8.8 High Severity

Screenshots from the blog posts

images/clycz8qwm2c5g1gmwfkvva6ko.webpimages/clycz8qwm2c5g1gmwfkvva6ko.webp

Summary

Dolibarr before version 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

Script link

GitHub - Rubikcuv5/cve-2023-30253: Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. - Rubikcuv5/cve-2023-30253

image

Description

Tags

#RCE#exposed_to_RCE_attack#opensource#php#code-injection#dolibarr#erp

@secatgourity

190 posts

Total vcoins

123.8K

Social media links

Comments (0)