Main Vulnerability Database Exploits ID:5593 - Exploit for Arbitrary file upload in dolibarr - CVE-2020-14209

ID:5593 - Exploit for Arbitrary file upload in dolibarr - CVE-2020-14209

Published: June 17, 2021

Vulnerability identifier: #VU46583

Vulnerability risk: High

CVE-ID: CVE-2020-14209

CWE-ID: CWE-434

Exploitation vector: Remote access

Vulnerable software:
dolibarr

Link to public exploit:

https://www.exploit-db.com/exploits/49711/

Vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).

Remediation

Install update from vendor's website.

ID:5593 - Exploit for Arbitrary file upload in dolibarr - CVE-2020-14209

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human