PT-2023-22605 · Zyxel · Zyxel Atp Series+3

Fabiano Golluscio · Published 2023-05-29 · Updated 2026-05-15 · CVE-2023-30253

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dolibarr versions prior to 17.0.1
Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, and USG20(W)-VPN Series (affected versions not specified)

Description

The issue allows remote code execution by an authenticated user via an uppercase manipulation in injected data, such as using <?PHP instead of <?php. This can be exploited in certain Zyxel products, including the ATP Series, USG FLEX Series, USG FLEX 50(W) Series, and USG20(W)-VPN Series, although specific details about the exploitation in these products are not provided.

Recommendations

For Dolibarr versions prior to 17.0.1, update to version 17.0.1 or later to resolve the issue. For Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, and USG20(W)-VPN Series, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
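
A defender-side check for the case variation described above, as an added example (not code from Dolibarr, Zyxel or this advisory): it scans stored content records for the PHP open tag in any letter case and marks the occurrences that a lowercase-only comparison would not match. The function names, the record layout and the sample data are assumptions constructed for illustration.

```python
import re

# PHP recognises its open tag regardless of letter case, so match it the same way.
PHP_OPEN_TAG = re.compile(r"<\?php", re.IGNORECASE)


def naive_filter_blocks(content: str) -> bool:
    """The weak check: a case-sensitive search for the lowercase tag only."""
    return "<?php" in content


def audit(records):
    """Return one finding per PHP open tag found in stored content.

    records: iterable of (record_id, content) pairs (hypothetical layout).
    'non_lowercase' is True when the tag is written in a form that the
    case-sensitive comparison above does not match.
    """
    findings = []
    for record_id, content in records:
        for match in PHP_OPEN_TAG.finditer(content):
            findings.append({
                "id": record_id,
                "offset": match.start(),
                "tag": match.group(0),
                "non_lowercase": match.group(0) != "<?php",
            })
    return findings


# Constructed sample records, not taken from any real installation.
SAMPLE_RECORDS = [
    (1, "<h1>Welcome</h1><p>Opening hours</p>"),
    (2, "<p>Footer</p><?php echo date('Y'); ?>"),
    (3, "<div><?PHP echo 'x'; ?></div>"),
    (4, "<?Php echo 1; ?> and <?php echo 2; ?>"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RECORDS):
        print(finding)
```

Records flagged with non_lowercase set are the ones to review first after updating, since a lowercase-only check would have let them through.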

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

BIT-DOLIBARR-2023-30253
CVE-2023-30253
GHSA-9WQR-5JP4-MJMH

Affected Products

Usg Flex 50(W) Series
Usg Flex H Series
Usg20(W)-Vpn Series
Zyxel Atp Series