Vulnerability Details : CVE-2020-35136
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename passed in the zipfilename_template parameter to admin/tools/dolibarr_export.php.
Vulnerability category: Execute code
Products affected by CVE-2020-35136
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:12.0.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-35136
- EPSS score: 4.19% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-35136
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST |
CWE ids for CVE-2020-35136
- The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2020-35136
- https://github.com/Dolibarr/dolibarr/releases
  Releases · Dolibarr/dolibarr · GitHub (Third Party Advisory)
- https://github.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbac
  Fix disallow -- string into filename for security purpose. Vulnerability · Dolibarr/dolibarr@4fcd3fe · GitHub (Patch; Third Party Advisory)
- https://sourceforge.net/projects/dolibarr/
  Dolibarr ERP - CRM download | SourceForge.net (Product; Third Party Advisory)
- http://bilishim.com/2020/12/18/zero-hunting-2.html
  Zero Day Hunting Diaries - 2 (Exploit; Third Party Advisory)