Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/161955/Dolibarr-ERP-CRM-11.0.4-Bypass-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/Dolibarr/dolibarr/releases/tag/11.0.5 | Release Notes Third Party Advisory |
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-012 | Third Party Advisory |
Configurations
History
30 Mar 2021, 14:37
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/161955/Dolibarr-ERP-CRM-11.0.4-Bypass-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
25 Mar 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-09-02 17:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-14209
Mitre link : CVE-2020-14209
CVE.ORG link : CVE-2020-14209
JSON object : View
Products Affected
dolibarr
- dolibarr
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type