Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-1226: Path Traversal in ERP CRM

CWE-22: Path Traversal | 6 documents | 5 sources
Severity: 7.5 HIGH (NVD)
EPSS: 3.6% (top 12.28%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Feb 21
Latest update: May 17

Description

Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P | Exploitability: 10.0 | Impact: 6.4

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-67ww-jmxf-h84x: Multiple directory traversal vulnerabilities in Dolibarr CMS 3 (2022-05-17)
CVEList: CVE-2012-1226: Multiple directory traversal vulnerabilities in Dolibarr CMS 3 (2012-02-21)

💥 Exploits & PoCs (3)

Exploit-DB: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities (2012-02-22)
Exploit-DB: Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion (2012-02-10)
Nuclei: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
CVE-2012-1226 — Path Traversal in Dolibarr ERP CRM | cvebase