CVE-2012-1226
Published 2012-02-21
Priority: P3 · 57 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 25.10% (97.7th percentile)
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr_erp_crm | — | — |
No detection rules found.
Exploit-DB
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
exploitdb·2012-02-22
CVE-2012-1226 Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
---
source: https://www.securityfocus.com/bid/52113/info
Dolibarr is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting the issues can allow an attacker to obtain sensitive information that could aid in further attacks.
Dolibarr 3.2.0 Alpha is vulnerable; other versions may also be affected.
http://www.example.com/document.php?modulepart=project&file=../[FILE INCLUDE VULNERABILITY!]
Exploit-DB
Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion
exploitdb·2012-02-10
CVE-2012-1226 Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion
---
Title:
Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities
Date:
2012-02-07
References:
http://www.vulnerability-lab.com/get_content.php?id=428
VL-ID:
428
Introduction:
Dolibarr ERP & CRM is a modern software to manage your company or foundation activity (contacts, suppliers, invoices, orders, stocks, agenda, ...). It's an open-source free software designed for small and medium companies, foundations and freelancers. You can install, use and distribute it as a standalone application or as a web application (on a mutualized or dedicated server, or on SaaS or Cloud solutions) and use it with any device (desktop, smartphone, tablet).
(Copy of the Vendor Homepage: http://www.dolibarr.org/)
Abstract:
Vulnerability-Lab researcher
Nuclei
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
nuclei·CVSS 7.5
CVE-2012-1226 [HIGH] Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Template:
id: CVE-2012-1226
info:
  name: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
  author: daffainfo
  severity: high
  description: Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/
References:
http://archives.neohapsis.com/archives/bugtraq/2012-02/0168.html
http://www.exploit-db.com/exploits/18480
http://www.securityfocus.com/archive/1/521583
http://www.vulnerability-lab.com/get_content.php?id=428
https://exchange.xforce.ibmcloud.com/vulnerabilities/73136
https://github.com/Dolibarr/dolibarr/commit/5381986e50dd6055f2b3b63281eaacffa0449da2
https://github.com/Dolibarr/dolibarr/commit/8f9b9987ffb42cfbe907fe31ded3001bfc1b3417