#VU46583 Arbitrary file upload in dolibarr - CVE-2020-14209
Published: September 2, 2020 / Updated: June 17, 2021
Vulnerability identifier: #VU46583
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2020-14209
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
dolibarr
dolibarr
Software vendor:
Dolibarr ERP & CRM
Dolibarr ERP & CRM
Description
The vulnerability allows a remote authenticated user to execute arbitrary code.
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
Remediation
Install update from vendor's website.