Category: Vulnerability Intelligence
Vulnerability Class: Improper Input Validation
CVE ID: CVE-2023-4197
CVSS Score: 7.5
Product Name: Dolibarr ERP CRM <= v18.0.1
Executive Summary
CVE-2023-4197 is a PHP code injection vulnerability in Dolibarr ERP CRM <= v18.0.1. It allows an attacker to inject arbitrary PHP code into a Dolibarr ERP CRM instance, where the code is then evaluated. This could allow an attacker to take complete control of the affected system, including stealing data, installing malware, or launching denial-of-service attacks.
Description:
When creating a Website in Dolibarr ERP CRM <= v18.0.1, the application fails to strip certain PHP code from user-supplied input. This allows an attacker to inject arbitrary PHP code into the Website, which will then be executed when the Website is visited.
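As an added example (not from this advisory or the Dolibarr project): a validation routine that refuses user-supplied Website content containing any PHP open tag. It relies on PHP's own tokenizer rather than a hand-written pattern, so the check follows exactly the rules the engine applies when the page is later executed. The function names and sample strings are constructed for this illustration.

```php
<?php
// Added example, not Dolibarr's code: validate user-supplied "Website" page
// content by asking PHP's own tokenizer whether it contains a PHP open tag.
// The tokenizer applies the same rules the engine uses when the page is later
// executed, so it catches every spelling the engine accepts: "<?php" in any
// letter case, "<?=" (always enabled) and bare "<?" when short_open_tag is on.
// Requires the tokenizer extension, which is enabled in default PHP builds.

function containsPhpCode(string $content): bool
{
    foreach (token_get_all($content) as $token) {
        // Tokens are [id, text, line] arrays for named tokens, or bare
        // one-character strings for punctuation; only the arrays matter here.
        if (is_array($token)
            && in_array($token[0], [T_OPEN_TAG, T_OPEN_TAG_WITH_ECHO], true)) {
            return true;
        }
    }
    return false;
}

// Reject rather than strip: an input that contains PHP should not be stored
// at all, because a stripping step that misses one variant lets code through.
function validateWebsiteContent(string $content): string
{
    if (containsPhpCode($content)) {
        throw new InvalidArgumentException('PHP code is not allowed in page content');
    }
    return $content;
}

// Constructed sample inputs with the expected verdict for each.
$samples = [
    '<p>Plain HTML is accepted</p>'        => false,
    '<p><?php echo "hi"; ?></p>'           => true,  // lowercase open tag
    '<p><?PHP echo "hi"; ?></p>'           => true,  // uppercase, same to the engine
    '<p><?= "hi" ?></p>'                   => true,  // short echo tag
    '<p>&lt;?php echo "hi"; ?&gt;</p>'     => false, // HTML-escaped text, never executed
];

foreach ($samples as $html => $expected) {
    $verdict = containsPhpCode($html);
    printf("%-38s %s\n", $html, $verdict === $expected ? 'ok' : 'MISMATCH');
}
```

Such a check is a defence-in-depth measure for content that is deliberately rendered as PHP; it does not replace the upgrade to v18.0.2 recommended below.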
Impact:
A successful exploit of this vulnerability could allow an attacker to:
* Steal sensitive data, such as customer records, financial information, and intellectual property.
* Install malware on the affected system.
* Launch denial-of-service attacks.
* Take complete control of the affected system.
Recommended Actions:
If you are using Dolibarr ERP CRM <= v18.0.1, it is important to upgrade to the latest version (v18.0.2) immediately. If you are unable to upgrade immediately, you can mitigate the risk of exploitation by:
* Implementing a web application firewall (WAF) that can block malicious requests.
* Disabling the ability for users to create Websites until the vulnerability has been patched.
* Educating users about the dangers of clicking on links in emails and messages from unknown senders.
Steps to apply the fix manually
To apply the fix manually, download the latest patch (the fix commit listed under References) from the Dolibarr website and apply it to your installation.
Conclusion:
CVE-2023-4197 is a serious vulnerability that could allow attackers to take complete control of affected Dolibarr ERP CRM systems. It is important to upgrade to the latest version (v18.0.2) immediately or apply the workaround steps provided above.
CVE-2023-4197 is a serious vulnerability that could have a significant impact on government agencies and contractors. It is important to take steps to mitigate the risk of exploitation as soon as possible.
Is POC available?
At the time of writing this security advisory for CVE-2023-4197, a public proof of concept (POC) has not been released. Security Researchers at Cloudsek are continuously monitoring for any new updates released on CVE-2023-4197; any further updates will be added to this advisory for future reference.
CVE-2023-4197 is remotely exploitable; attackers could locate exposed Dolibarr instances using Shodan and Google dorks and target them. Affected users are advised to take the recommended actions listed in the security advisory above.
References
* https://github.com/Dolibarr/dolibarr/commit/0ed6a63fb06be88be5a4f8bcdee83185eee4087e
* https://starlabs.sg/advisories/23/23-4197