CVE-2023-38886

HIGH

Dolibarr ERP CRM < 17.0.1 - Authenticated Remote Code Execution via Crafted Command

Title source: llm

An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.

Core 2

Core References

Product

Exploit, Third Party Advisory

CVSS v3 7.2

EPSS 0.3183

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

CWE

CWE-78

Status published

Products (2)

dolibarr/dolibarr 0 - 17.0.1Packagist

dolibarr/dolibarr_erp\/crm < 17.0.1

Published Sep 20, 2023

Tracked Since Feb 18, 2026