CVE-2020-14209
Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)
- Severity Score: -
- Exploit Likelihood: -
- Affected Versions: -
- Public Exploits: 2
- Exploited in Wild: -
- Decision: -
Descriptions
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
Dolibarr versions before 11.0.5 allow low-privileged users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. In addition, a .htaccess file can be uploaded to reconfigure access control (for example, to allow .noexe files to be executed as PHP code, defeating the .noexe protection mechanism).
CVSS Scores
SSVC
- Decision: -
Timeline
- 2020-06-16 CVE Reserved
- 2020-09-02 CVE Published
- 2021-03-25 First Exploit
- 2024-06-22 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (4)
URL | Tag | Source
---|---|---
https://github.com/Dolibarr/dolibarr/releases/tag/11.0.5 | Release Notes |
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-012 | Third Party Advisory |

URL | Date | SRC
---|---|---
https://www.exploit-db.com/exploits/49711 | 2021-03-25 |
http://packetstormsecurity.com/files/161955/Dolibarr-ERP-CRM-11.0.4-Bypass-Code-Execution.html | 2024-08-04 |