File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.

Affected Packages

Packagist dolibarr/dolibarr

Affected versions: 0 (fixed in 17.0.1)

Related CVEs

CVE-2023-38887

Key Information

GHSA ID

GHSA-g8h7-mcp6-pf47

Published

September 20, 2023 3:30 AM

Last Modified

September 22, 2023 7:46 PM

CVSS Score

7.5 /10

Primary Ecosystem

Packagist

Primary Package

dolibarr/dolibarr

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 30, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.