Produit : Dolibarr
Type : Security Advisory
Criticité : critical
CVE : CVE-2026-23500
Date source : 17/04/2026 01:57
Résumé :
### Summary
An authenticated administrator can execute arbitrary operating system commands by injecting a malicious payload into the `MAIN_ODT_AS_PDF` configuration constant. This vulnerability exists because the application fails to properly validate or escape the command path before passing it to the `exec()` function in the ODT to PDF conversion process.
### Details
The vulnerability is located in `htdocs/includes/odtphp/odf.php`.
When the system tries to convert an ODT document to PDF (e.g., in Proposals, Invoices), it constructs a shell command using the `MAIN_ODT_AS_PDF` global setting.
Code snippet (`htdocs/includes/odtphp/odf.php`, approx line 930):
« `php
$command = getDolGlobalString('MAIN_ODT_AS_PDF').' '.escapeshellcmd($name);
// …
exec($command, $output_arr, $retval);
« `
While the filename `$name` is sanitized using `escapeshellcmd()`, the configuration v
Action recommandée :
Vérifier la version installée et appliquer le correctif si le produit est concerné.
Source : Voir l’annonce officielle
Laisser un commentaire