Description
Dolibarr ERP CRM <= v18.0.1 improperly validates user-supplied input when creating a Website: it fails to strip certain PHP code, allowing an attacker to inject and evaluate arbitrary PHP code.
Remediation
References
Related Vulnerabilities
MyBB Improper Input Validation Vulnerability (CVE-2016-9420)
Ruby Improper Input Validation Vulnerability (CVE-2009-4492)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1864)
Prototype Improper Privilege Management Vulnerability (CVE-2020-7993)
WordPress Plugin Translate Multilingual sites-TranslatePress Cross-Site Scripting (2.0.8)