CVE-2019-11200
Published 2019-07-29
Priority P3 · 50 · high · 8.8 (CVSS 3.0)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.10% (79.4th percentile)
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 9.0.3 | 9.0.3 |
| dolibarr | dolibarr_erp_crm | — | — |
CVSS provenance
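| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |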
GHSA
Dolibarr ERP and CRM malicious executable loading
ghsa·2022-05-24
CVE-2019-11200 [HIGH] Dolibarr ERP and CRM malicious executable loading
OSV
Dolibarr ERP and CRM malicious executable loading
osv·2022-05-24
CVE-2019-11200 [HIGH] Dolibarr ERP and CRM malicious executable loading
OSV
CVE-2019-11200: Dolibarr ERP/CRM 9
osv·2019-07-29·CVSS 8.8
CVE-2019-11200 [HIGH] CVE-2019-11200: Dolibarr ERP/CRM 9
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.