← voltar
CVE-2020-35136

CVE-2020-35136

EPSS 6.4%
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://bilishim.com/2020/12/18/zero-hunting-2.htmlhttps://github.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbachttps://github.com/Dolibarr/dolibarr/releaseshttps://sourceforge.net/projects/dolibarr/