CVE-2020-35136

{"id": "CVE-2020-35136", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2020-12-23T15:15:16.043", "references": [{"url": "http://bilishim.com/2020/12/18/zero-hunting-2.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbac", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Dolibarr/dolibarr/releases", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sourceforge.net/projects/dolibarr/", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://bilishim.com/2020/12/18/zero-hunting-2.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbac", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Dolibarr/dolibarr/releases", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sourceforge.net/projects/dolibarr/", "tags": ["Product", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-88"}]}], "descriptions": [{"lang": "en", "value": "Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php."}, {"lang": "es", "value": "Dolibarr versi\u00f3n 12.0.3, es vulnerable a una Ejecuci\u00f3n de C\u00f3digo Remota autenticada. Un atacante que tenga acceso al panel de administraci\u00f3n puede manipular la funci\u00f3n de copia de seguridad al insertar una carga \u00fatil en el nombre de archivo para el par\u00e1metro zipfilename_template en el archivo admin/tools/dolibarr_export.php"}], "lastModified": "2024-11-21T05:26:50.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:12.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE2A9F78-F313-44C4-B0C1-6901A3F897A6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}