CVE-2023-38887Unrestricted File Upload in Dolibarr

CWE-434Unrestricted File Upload5 documents4 sources
Severity
8.8HIGHNVD
EPSS
3.0%
top 13.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
DolibarrDolibarr ERP CRM
Timeline
PublishedSep 20

Description

File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Packagistdolibarr/dolibarr< 17.0.1

🔴Vulnerability Details

4
OSV
CVE-2023-38887: File Upload vulnerability in Dolibarr ERP CRM v2023-09-20
CVEList
CVE-2023-38887: File Upload vulnerability in Dolibarr ERP CRM v2023-09-20
GHSA
File Upload vulnerability in Dolibarr ERP CRM2023-09-20
OSV
File Upload vulnerability in Dolibarr ERP CRM2023-09-20
CVE-2023-38887 — Unrestricted File Upload in Dolibarr | cvebase