Share
## https://sploitus.com/exploit?id=58DD0189-4A93-58B0-A717-04E895CFAF2F
# CVE-2023-30253
CVE-2023-30253 PoC

# Description
This is my PoC for the CVE-2023-30253 (Dolibarr 17.0.0 PHP Code Injection), when the CMS Website plugin (core) is enabled, an authenticated attacker can obtain remote command execution via php code injection bypassing the application restrictions.

## Installation

Clone the repository:
```
git clone https://github.com/g4nkd/CVE-2023-30253-PoC.git
cd CVE-2023-30253-PoC
pip install -r requirements.txt
```

## Usage
```
python3 exploit.py -h
usage: exploit.py [-h] -lhost LHOST -lport LPORT -rhost RHOST -user USER -pass PASSWORD

Exploit for CVE-2023-30253

options:
  -h, --help      show this help message and exit
  -lhost LHOST    Local Host (this host will receive the shell)
  -lport LPORT    Local PORT
  -rhost RHOST    Rhost url, example: http://site.com/
  -user USER      Username for Dolibarr
  -pass PASSWORD  Password for Dolibarr
```