Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10092

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.

Published

2018-05-22T20:29:01.117

Last Modified

2024-11-21T03:40:48.363

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.0 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses

Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dolibarr	dolibarr	< 7.0.2	Yes

References

http://www.openwall.com/lists/oss-security/2018/05/21/2 Exploit, Mailing List, Technical Description, Third Party Advisory ([email protected])
https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog Release Notes ([email protected])
https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39 Patch ([email protected])
https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability/ Exploit, Technical Description, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2018/05/21/2 Exploit, Mailing List, Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability/ Exploit, Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)