CVE-2020-35136 in Dolibarrinfo

Summary

by MITRE • 12/23/2020

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Disclosure

12/23/2020

Moderation

accepted

Entry

VDB-166731

CPE

ready

CWE

CWE-77 (confirmed)

CVSS

4.7 (VulDB)

EPSS

0.06361

KEV

Activities

very low

Sector

Agriculture, Pharma, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-35136
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-35136
CVE Details	https://www.cvedetails.com/cve/CVE-2020-35136/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!