CVE-2019-11200
published 2019-07-29

Priority: P3 50
Severity: high, 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.10% (79.4th percentile)

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 9.0.3 | 9.0.3 |
| dolibarr | dolibarr_erp_crm | | |

CVSS provenance

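| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |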