Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/161955/Dolibarr-ERP-CRM-11.0.4-Bypass-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/Dolibarr/dolibarr/releases/tag/11.0.5 | Release Notes Third Party Advisory |
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-012 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-02T16:32:50
Updated: 2021-03-25T15:06:11
Reserved: 2020-06-16T00:00:00
Link: CVE-2020-14209
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-02T17:15:11.547
Modified: 2021-03-30T14:37:35.760
Link: CVE-2020-14209
JSON object: View
Redhat Information
No data.
CWE