{"api_version":"1","generated_at":"2026-04-13T04:12:15+00:00","cve":"CVE-2023-30253","urls":{"html":"https://cve.report/CVE-2023-30253","api":"https://cve.report/api/cve/CVE-2023-30253.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-30253","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-30253"},"summary":{"title":"CVE-2023-30253","description":"Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-05-29 21:15:00","updated_at":"2023-06-05 14:26:00"},"problem_types":["CWE-78"],"metrics":[],"references":[{"url":"https://www.swascan.com/security-advisory-dolibarr-17-0-0/","name":"https://www.swascan.com/security-advisory-dolibarr-17-0-0/","refsource":"MISC","tags":[],"title":"Security Advisory: Dolibarr 17.0.0 - Swascan","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.swascan.com/blog/","name":"https://www.swascan.com/blog/","refsource":"MISC","tags":[],"title":"Blog - Swascan","mime":"application/octet-stream","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/Dolibarr/dolibarr","name":"https://github.com/Dolibarr/dolibarr","refsource":"MISC","tags":[],"title":"GitHub - Dolibarr/dolibarr: Dolibarr ERP CRM is a modern software package to manage your company or foundation's activity (contacts, suppliers, invoices, orders, stocks, agenda, accounting, ...). It is open source software (written in PHP) and designed for small and medium businesses, foundations and freelancers. You can freely install, use and distribute it as a standalone application or as a web application to use it from every internet access and media.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-30253","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30253","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"30253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dolibarr","cpe5":"dolibarr_erp\\/crm","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-30253","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/Dolibarr/dolibarr","refsource":"MISC","name":"https://github.com/Dolibarr/dolibarr"},{"url":"https://www.swascan.com/blog/","refsource":"MISC","name":"https://www.swascan.com/blog/"},{"refsource":"MISC","name":"https://www.swascan.com/security-advisory-dolibarr-17-0-0/","url":"https://www.swascan.com/security-advisory-dolibarr-17-0-0/"}]}},"nvd":{"publishedDate":"2023-05-29 21:15:00","lastModifiedDate":"2023-06-05 14:26:00","problem_types":["CWE-78"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}