COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-38888

CVE-2023-38888

Severity
critical
Source
NVD · cve
Published
2023-09-20
CVSS
9.6
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-38888
⚡ RCE shame 50/100 rce

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.

Players implicated

dolibarr · vendordolibarr erp\/crm · product

Description

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.