CVE-2020-35136
Published 2020-12-23
CVE-2020-35136: Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by…
Priority: P3 · CVSS 3.1 base score 7.2 (high) · vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.36% (92.8th percentile)
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename supplied as the zipfilename_template parameter to admin/tools/dolibarr_export.php.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 12.0.4 | 12.0.4 |
| dolibarr | dolibarr_erp_crm | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | — | 7.2 | HIGH | — |
Source advisories

- OSV · 2022-05-24 · CVE-2020-35136 [HIGH] · Dolibarr authenticated Remote Code Execution
- GHSA · 2022-05-24 · CVE-2020-35136 [HIGH] · CWE-77 · Dolibarr authenticated Remote Code Execution
- OSV · 2020-12-23 · CVE-2020-35136 [HIGH] · CVSS 7.2 · CVE-2020-35136: Dolibarr 12

All three entries carry the same description: Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename supplied as the zipfilename_template parameter to admin/tools/dolibarr_export.php.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References

- http://bilishim.com/2020/12/18/zero-hunting-2.html
- https://github.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbac
- https://github.com/Dolibarr/dolibarr/releases
- https://sourceforge.net/projects/dolibarr/