Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
References
Link | Resource |
---|---|
http://bilishim.com/2020/12/18/zero-hunting-2.html | Exploit Third Party Advisory |
https://github.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbac | Patch Third Party Advisory |
https://github.com/Dolibarr/dolibarr/releases | Third Party Advisory |
https://sourceforge.net/projects/dolibarr/ | Product Third Party Advisory |
Configurations
History
17 Nov 2022, 17:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-88 | |
First Time |
Dolibarr dolibarr Erp\/crm
|
|
CPE | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:12.0.3:*:*:*:*:*:*:* |
Information
Published : 2020-12-23 15:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-35136
Mitre link : CVE-2020-35136
CVE.ORG link : CVE-2020-35136
JSON object : View
Products Affected
dolibarr
- dolibarr_erp\/crm
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')