← back
CVE-2020-35136

CVE-2020-35136

EPSS 6.4%
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bilishim.com/2020/12/18/zero-hunting-2.htmlhttps://github.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbachttps://github.com/Dolibarr/dolibarr/releaseshttps://sourceforge.net/projects/dolibarr/