Описание
Dolibarr arbitrary commands execution
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-10092
- https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39
- https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog
- https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability
- http://www.openwall.com/lists/oss-security/2018/05/21/2
Пакеты
Наименование
dolibarr/dolibarr
composer
Затронутые версииВерсия исправления
< 7.0.2
7.0.2
Связанные уязвимости
CVSS3: 8
ubuntu
больше 7 лет назад
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
CVSS3: 8
nvd
больше 7 лет назад
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
CVSS3: 8
debian
больше 7 лет назад
The admin panel in Dolibarr before 7.0.2 might allow remote attackers ...