← volver
CVE-2020-35136

CVE-2020-35136

EPSS 6.4%
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://bilishim.com/2020/12/18/zero-hunting-2.htmlhttps://github.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbachttps://github.com/Dolibarr/dolibarr/releaseshttps://sourceforge.net/projects/dolibarr/