Fabiano Golluscio

**Name of the Vulnerable Software and Affected Versions** Dolibarr versions prior to 17.0.1 Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, and USG20(W)-VPN Series (affected versions not specified) **Description** The issue allows remote code execution by an authenticated user via an uppercase manipulation in injected data, such as using `<?PHP` instead of `<?php`. This can be exploited in certain Zyxel products, including the ATP Series, USG FLEX Series, USG FLEX 50(W) Series, and USG20(W)-VPN Series, although specific details about the exploitation in these products are not provided. **Recommendations** For Dolibarr versions prior to 17.0.1, update to version 17.0.1 or later to resolve the issue. For Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, and USG20(W)-VPN Series, at the moment, there is no information about a newer version that contains a fix for this vulnerability.