CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-14209 – Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)
https://notcve.org/view.php?id=CVE-2020-14209
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism). Dolibarr versiones anteriores a 11.0.5, permite a usuarios pocos privilegiados cargar archivos de tipos peligrosos, conllevando a una ejecución de código arbitraria. Esto ocurre porque archivos .pht y .phar pueden ser cargados. • https://www.exploit-db.com/exploits/49711 http://packetstormsecurity.com/files/161955/Dolibarr-ERP-CRM-11.0.4-Bypass-Code-Execution.html https://github.com/Dolibarr/dolibarr/releases/tag/11.0.5 https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-012 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14201
https://notcve.org/view.php?id=CVE-2020-14201
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code. Dolibarr CRM versiones anteriores a 11.0.5, permite una escalada de privilegios. Esto podría permitir a atacantes autenticados remotos cargar archivos arbitrarios por medio del archivo societe/document.php en los que "disabled" es cambiado a "enabled" en el código fuente HTML. • https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-011 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14443
https://notcve.org/view.php?id=CVE-2020-14443
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. Una vulnerabilidad de inyección SQL en el archivo accountancy/customer/card.php en Dolibarr versión 11.0.3, permite a usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio del parámetro id • https://github.com/Dolibarr/dolibarr/commit/40e16672e3aa4e9208ea7a4829f30507dcdfc4ba • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2020-13094 – Dolibarr 11.0.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-13094
Dolibarr before 11.0.4 allows XSS. Dolibarr versiones anteriores a 11.0.4, permite un ataque de tipo XSS. Dolibarr version 11.0.3 suffers from a cross site scripting vulnerability. • https://github.com/mkelepce/CVE-2020-13094 http://packetstormsecurity.com/files/157752/Dolibarr-11.0.3-Cross-Site-Scripting.html https://github.com/Dolibarr/dolibarr/blob/11.0.4/ChangeLog https://www.dolibarr.org/dolibarr-erp-crm-11-0-4-maintenance-release-for-branch-11-0-is-available.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12669
https://notcve.org/view.php?id=CVE-2020-12669
core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. El archivo core/get_menudiv.php en Dolibarr versiones anteriores a 1.0.4, permite a atacantes autenticados remotos omitir restricciones de acceso previstas por medio de un parámetro de menú no alfanumérico. • https://github.com/Dolibarr/dolibarr/commit/c1b530f58f6f01081ddbeaa2092ef308c3ec2727 https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/11.0.4 • CWE-20: Improper Input Validation •