## https://sploitus.com/exploit?id=58DD0189-4A93-58B0-A717-04E895CFAF2F
# CVE-2023-30253
CVE-2023-30253 PoC
# Description
This is my PoC for the CVE-2023-30253 (Dolibarr 17.0.0 PHP Code Injection), when the CMS Website plugin (core) is enabled, an authenticated attacker can obtain remote command execution via php code injection bypassing the application restrictions.
## Installation
Clone the repository:
```
git clone https://github.com/g4nkd/CVE-2023-30253-PoC.git
cd CVE-2023-30253-PoC
pip install -r requirements.txt
```
## Usage
```
python3 exploit.py -h
usage: exploit.py [-h] -lhost LHOST -lport LPORT -rhost RHOST -user USER -pass PASSWORD
Exploit for CVE-2023-30253
options:
-h, --help show this help message and exit
-lhost LHOST Local Host (this host will receive the shell)
-lport LPORT Local PORT
-rhost RHOST Rhost url, example: http://site.com/
-user USER Username for Dolibarr
-pass PASSWORD Password for Dolibarr
```