Vulnerability in N/a
CVE-2023-30253
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
EPSS: 0.892 (99.6th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
- nikn0laty/Exploit-for-Dolibarr-17.0.0-CVE-2023-30253
- dollarboysushil/Dolibarr-17.0.0-Exploit-CVE-2023-30253
- Rubikcuv5/cve-2023-30253
- g4nkd/CVE-2023-30253-PoC
- andria-dev/DolibabyPhp
- Jeanback1/CVE-2023-30253-exploit
- 1lkla/POC-exploit-for-Dolibarr
- bluetoothStrawberry/CVE-2023-30253
- 04Shivam/CVE-2023-30253-Exploit
- rapid7/metasploit-framework
References
Frequently asked questions
- What is CVE-2023-30253?
- CVE-2023-30253 is a vulnerability in N/a. Published 2023-05-29.
- Is CVE-2023-30253 known to be exploited?
- 18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.