Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-11200

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)

Published

2019-07-29T16:15:11.367

Last Modified

2024-11-21T04:20:42.770

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dolibarr	dolibarr_erp\/crm	9.0.1	Yes

References

https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities Exploit, Third Party Advisory ([email protected])
https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)