Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
References
Link | Resource |
---|---|
http://bilishim.com/2020/12/18/zero-hunting-2.html | Exploit Third Party Advisory |
https://github.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbac | Patch Third Party Advisory |
https://github.com/Dolibarr/dolibarr/releases | Third Party Advisory |
https://sourceforge.net/projects/dolibarr/ | Product Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-12-23 15:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-35136
Mitre link : CVE-2020-35136
CVE.ORG link : CVE-2020-35136
JSON object : View
Products Affected
dolibarr
- dolibarr_erp\/crm
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')