CVE-2019-11200

Published: Jul 29, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)

Affected (1)

Products: Dolibarr: Dolibarr Erp/crm

Dolibarr

1 product

Dolibarr Erp/crm

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dolibarr Dolibarr Erp/crm	Version 9.0.1

References (2)

https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities

Source: cve@mitre.org

ExploitThird Party Advisory

https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.