Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
References
Link | Resource |
---|---|
http://bilishim.com/2020/12/18/zero-hunting-2.html | Exploit Third Party Advisory |
https://github.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbac | Patch Third Party Advisory |
https://github.com/Dolibarr/dolibarr/releases | Third Party Advisory |
https://sourceforge.net/projects/dolibarr/ | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-23T14:39:49
Updated: 2020-12-23T14:41:10
Reserved: 2020-12-11T00:00:00
Link: CVE-2020-35136
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-23T15:15:16.043
Modified: 2022-11-17T17:21:59.260
Link: CVE-2020-35136
JSON object: View
Redhat Information
No data.
CWE