Описание
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
Ссылки
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:13.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02572
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 4 лет назад
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
CVSS3: 9.8
debian
около 4 лет назад
The website builder module in Dolibarr 13.0.2 allows remote PHP code e ...
EPSS
Процентиль: 85%
0.02572
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94