CVE-2026-23500
Status: Received - Intake
Command Injection in Dolibarr ODT to PDF Conversion Allows RCE

Publication date: 2026-04-17

Last updated on: 2026-05-01

Assigner: GitHub, Inc.

Description
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0, the ODT to PDF conversion process in odf.php concatenates the MAIN_ODT_AS_PDF configuration constant directly into a shell command passed to exec() without sanitization. An authenticated administrator can inject arbitrary OS commands via this constant using command separators, achieving remote code execution as the web server user when any ODT template is generated. This issue has been fixed in version 23.0.0.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-04-18
EPSS evaluated: 2026-05-05
Affected Vendors & Products
Vendor: dolibarr
Product: dolibarr_erp/crm
Version range: up to 23.0.0 (excluding 23.0.0)
CWE
CWE-78: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Dolibarr versions prior to 23.0.0 in the ODT to PDF conversion process handled by the odf.php file. The issue arises because the MAIN_ODT_AS_PDF configuration constant is concatenated directly into a shell command passed to the exec() function without any sanitization. An authenticated administrator can exploit this by injecting arbitrary operating system commands using command separators. This leads to remote code execution with the privileges of the web server user whenever any ODT template is generated.
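The pattern the Description and the explanation above both describe, a configuration value spliced into the exec() command line, shown beside a hardened form. This is an added PHP illustration, not Dolibarr's own code; the allowlist, converter paths and sample file paths are assumptions.

```php
<?php
// Added illustration, not Dolibarr's code: the unsafe pattern the advisory
// describes next to one hardened replacement. $odtAsPdfSetting stands in for
// the value of the MAIN_ODT_AS_PDF constant; converter paths and the
// allowlist are assumptions, and the file paths below are constructed.

// Unsafe: the configured string is spliced verbatim into the command line, so
// any shell metacharacters it carries are interpreted by the shell once the
// string reaches exec(). (For soffice the output directory precedes the input.)
function buildUnsafeConvertCommand(string $odtAsPdfSetting, string $odtPath, string $outDir): string
{
    return $odtAsPdfSetting . ' ' . $outDir . ' ' . $odtPath;
}

// Hardened: the setting may only select a converter from a fixed table
// (hypothetical allowlist), and every path goes through escapeshellarg() so it
// stays a single argument whatever characters it contains.
const ODT_CONVERTERS = [
    'libreoffice' => ['/usr/bin/soffice', '--headless', '--convert-to', 'pdf', '--outdir'],
    'unoconv'     => ['/usr/bin/unoconv', '-f', 'pdf', '-o'],
];

function buildSafeConvertCommand(string $odtAsPdfSetting, string $odtPath, string $outDir): ?string
{
    if (!array_key_exists($odtAsPdfSetting, ODT_CONVERTERS)) {
        return null; // anything that is not a known converter name is rejected
    }
    $parts   = array_map('escapeshellarg', ODT_CONVERTERS[$odtAsPdfSetting]);
    $parts[] = escapeshellarg($outDir);
    $parts[] = escapeshellarg($odtPath);
    return implode(' ', $parts);
}

// Constructed inputs: a path with a space and an apostrophe, which the naive
// concatenation hands to the shell unquoted but escapeshellarg() keeps intact.
$odt = "/var/www/documents/invoice 2026'draft.odt";
$out = '/var/www/documents/out';

echo buildUnsafeConvertCommand('/usr/bin/soffice --headless --convert-to pdf --outdir', $odt, $out), PHP_EOL;
echo buildSafeConvertCommand('libreoffice', $odt, $out), PHP_EOL;
// A free-form command string is no longer accepted as a converter selection:
var_dump(buildSafeConvertCommand('/usr/bin/soffice --headless', $odt, $out)); // NULL
```

The same allowlist check belongs at the point where an administrator saves MAIN_ODT_AS_PDF, so a bad value is refused before it is ever stored.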

How can this vulnerability impact me?

The vulnerability allows an authenticated administrator to execute arbitrary operating system commands on the server running Dolibarr. This can lead to remote code execution, potentially compromising the entire server environment. Attackers could manipulate or steal sensitive data, disrupt services, or use the server as a foothold for further attacks.
What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade Dolibarr to version 23.0.0 or later, where the issue has been fixed.

Ensure that only trusted administrators have access to the system, as exploitation requires authenticated administrator privileges.