CVE-2026-23500 in Dolibarrthông tin

Tóm tắt

Bởi MITRE • 18/04/2026

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed to exec() without sanitization. An authenticated administrator can inject arbitrary OS commands via this constant using command separators, achieving remote code execution as the web server user when any ODT template is generated. This issue has been fixed in version 23.0.0.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

GitHub M

Đặt trước

13/01/2026

Tiết lộ

18/04/2026

Kiểm duyệt

được chấp nhận

mục

VDB-358117

CPE

sẵn sàng

CWE

CWE-78 (Đã xác nhận)

CVSS

4.7 (VulDB)

EPSS

0.00166

KEV

không

Các hoạt động

rất thấp

ngành

Insurance, Transportation, ...

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-23500
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-23500
CVE Details	https://www.cvedetails.com/cve/CVE-2026-23500/

◂ Trước Tổng Quan Tiếp theo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!