PT-2023-28198 · Unknown · Dolibarr Erp/Crm
Chocologicall +1
Published 2023-11-01 · Updated 2025-04-03
CVE-2023-4197
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP CRM versions <= 18.0.1
Description: The vulnerability is an improper input validation issue. When a Website is created, the application fails to strip certain PHP code from user-supplied input, so an authenticated attacker (the vector requires low privileges, PR:L) can inject arbitrary PHP code that the server then evaluates. Approximately 13,472 instances are potentially affected, located mainly in France, the United States, and other countries.
Recommendations: For Dolibarr ERP CRM versions <= 18.0.1, update to a version higher than 18.0.1 (18.0.2 or later) to resolve the issue. As a temporary workaround, restrict the Website creation and editing feature to trusted administrators to reduce the exposed attack surface. Avoid passing user-supplied input into Website creation until the update is applied.
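The weakness class described above, as an added illustration that is not Dolibarr's code and does not reproduce the specific bypass reported for CVE-2023-4197: a naive filter that strips only one spelling of the PHP open tag, beside a reject-on-detect check. The function names, the sample inputs and the assumption that user content ends up in a file the server executes are all constructed for this example; it assumes PHP 7 or later, where `<?php`, `<?=` and (when `short_open_tag` is on) `<?` are the only open tags.

```php
<?php
// Added illustrative example; this is not Dolibarr's code. It contrasts a
// naive strip-the-tag filter (the class of filter that the advisory describes
// as failing to strip certain PHP code) with a reject-on-detect check. The
// function names are assumptions made for this example. Assumes PHP 7+, where
// "<?php", "<?=" and (if short_open_tag is on) "<?" are the only open tags.

declare(strict_types=1);

/**
 * Naive filter: removes only exact lowercase "<?php ... ?>" blocks.
 * Weak for three independent reasons:
 *  1. the PHP lexer matches the "<?php" open tag case-insensitively, so
 *     "<?PHP" or "<?Php" survives the filter and still executes;
 *  2. the echo tag "<?=" (always enabled since PHP 5.4) is never matched;
 *  3. stripping is not idempotent: "<<?php?>?php" becomes "<?php" after one pass.
 */
function naiveStripPhp(string $html): string
{
    return (string) preg_replace('/<\?php.*?\?>/s', '', $html);
}

/**
 * Hardened check: any "<?" sequence is treated as a PHP open tag and the whole
 * submission is rejected instead of rewritten. A reject decision cannot be
 * bypassed by nesting or case tricks, and an HTML page body has no legitimate
 * need for "<?" (an XML prolog would also execute when short_open_tag is on).
 */
function containsPhpOpenTag(string $html): bool
{
    return preg_match('/<\?/', $html) === 1;
}

/**
 * Gate a page-save handler should call before writing user-supplied content
 * to any file the web server will later include or execute.
 */
function validateWebsiteContent(string $html): string
{
    if (containsPhpOpenTag($html)) {
        throw new InvalidArgumentException('website content must not contain a PHP open tag');
    }
    return $html;
}

// Constructed sample inputs (run with: php example.php).
$samples = [
    'lowercase tag' => '<p>hi</p><?php system("id"); ?>',
    'uppercase tag' => '<p>hi</p><?PHP system("id"); ?>',
    'echo tag'      => '<p>hi</p><?= shell_exec("id") ?>',
    'nested tags'   => '<<?php?>?php system("id"); ?>',
    'clean page'    => '<p>hi</p>',
];

foreach ($samples as $label => $html) {
    printf(
        "%-14s naive leaves: %-36s hardened: %s\n",
        $label,
        var_export(naiveStripPhp($html), true),
        containsPhpOpenTag($html) ? 'REJECT' : 'accept'
    );
}
```

Only the first sample is neutralised by the naive filter; the uppercase, echo-tag and nested inputs all survive it and would execute if written to a `.php` file, while the hardened check rejects all four and accepts the clean page. A reject-on-detect gate is still only a mitigation layer: the durable fix, in line with the recommendation above, is to store website pages as data and render them through a template with output escaping, so user-supplied content is never placed in a file the interpreter executes.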

Fix · Special Elements Injection · RCE

Weakness Enumeration

Related Identifiers

BIT-DOLIBARR-2023-4197
CVE-2023-4197
GHSA-R9CM-PW9J-3FPX

Affected Products

Dolibarr Erp/Crm