CVE-2023-38887

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 20, 2023

Updated: Sep 22, 2023

CWE ID 434

Summary

CVE-2023-38887 is a file upload vulnerability affecting Dolibarr ERP CRM versions 17.0.1 and earlier. An attacker can exploit this flaw by uploading a malicious file, which then allows for the execution of arbitrary code and the exfiltration of sensitive information. This vulnerability lies in the extension filtering and renaming functions, enabling remote code injection and potential data theft.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Dolibarr

Affected Vendors

Dolibarr

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sG6MGs
https://www.cve.org/CVERecord?id=CVE-2023-38887
https://nvd.nist.gov/vuln/detail/CVE-2023-38887

Back to Vulnerability Database