CVE-2018-10092

Опубликовано: 22 мая 2018

Источник: nvd

CVSS3: 8

CVSS2: 6

EPSS Низкий

Описание

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.

Ссылки

http://www.openwall.com/lists/oss-security/2018/05/21/2
Exploit
Mailing List
Technical Description
Third Party Advisory
https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog
Release Notes
https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39
Patch
https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability/
Exploit
Technical Description
Third Party Advisory
http://www.openwall.com/lists/oss-security/2018/05/21/2
Exploit
Mailing List
Technical Description
Third Party Advisory
https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog
Release Notes
https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39
Patch
https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability/
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*

Версия до 7.0.2 (исключая)

EPSS

Процентиль: 62%

0.00426

Низкий

8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

CVE-2018-10092

CVSS3: 8

ubuntu

больше 7 лет назад

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.

CVE-2018-10092

CVSS3: 8

debian

больше 7 лет назад

The admin panel in Dolibarr before 7.0.2 might allow remote attackers ...

GHSA-6j62-m2vv-wc3m

CVSS3: 8

github

больше 3 лет назад

Dolibarr arbitrary commands execution

EPSS

Процентиль: 62%

0.00426

Низкий

8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-862