#VU46583 Arbitrary file upload in dolibarr - CVE-2020-14209


Updated: 2021-06-17

Vulnerability identifier: #VU46583

Vulnerability risk: High

CVSSv4.0: 7.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2020-14209

CWE-ID: CWE-434

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
dolibarr
Web applications / CRM systems

Vendor: Dolibarr ERP & CRM

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
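The weakness described above is the classic failure mode of extension denylists: a list that blocks .php but not every alias the web server will execute, plus no rule against uploading server configuration files. The following Python snippet is an added example written for this entry, not Dolibarr's own code, and the allowlist, the set of PHP aliases beyond .pht and .phar, and the configuration-file names are assumptions chosen for illustration. It contrasts an incomplete denylist with an allowlist check that also rejects dotfiles, path separators and any executable extension anywhere in the name.

```python
import os
import re

# Extensions a PHP-enabled server may execute. The page names .pht and .phar;
# the remaining aliases are assumptions commonly seen in server handler config.
PHP_EXECUTABLE = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar", "phps"}

# Server configuration files an upload must never create or overwrite (assumption).
SERVER_CONFIG_NAMES = {".htaccess", ".htpasswd", "web.config", ".user.ini"}

# Constructed allowlist of document/image types a CRM might accept.
SAFE_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "gif", "txt", "csv", "odt", "ods", "docx", "xlsx"}

_SAFE_CHARS = re.compile(r"^[A-Za-z0-9._-]+$")

# Constructed example of an incomplete denylist: blocks the obvious names only.
WEAK_DENYLIST = {"php", "php3", "phtml"}


def denylist_check(name):
    """The weak pattern: look at the last extension and reject a short list."""
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    return ext not in WEAK_DENYLIST


def all_extensions(name):
    """Every extension in the name, so 'a.php.pdf' yields ['php', 'pdf']."""
    parts = name.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def check_upload_name(name, allowlist=SAFE_EXTENSIONS):
    """Return (ok, reason); ok is True only when every check passes."""
    base = os.path.basename(name.replace("\\", "/"))
    if base != name:
        return False, "path separators not allowed"
    if not base or not _SAFE_CHARS.match(base):
        return False, "illegal characters"
    # Dotfiles cover .htaccess and friends; the explicit set catches non-dot names.
    if base.startswith(".") or base.lower() in SERVER_CONFIG_NAMES:
        return False, "dotfile or server configuration name"
    exts = all_extensions(base)
    if not exts:
        return False, "no extension"
    # Reject an executable extension in any position, not just the last one.
    if any(e in PHP_EXECUTABLE for e in exts):
        return False, "executable extension"
    if exts[-1] not in allowlist:
        return False, "extension not in allowlist"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["report.pdf", "shell.pht", "shell.phar", ".htaccess", "x.php.pdf", "x.noexe"]:
        print(f"{candidate:12} denylist={denylist_check(candidate)!s:5} allowlist={check_upload_name(candidate)}")
```

Note that a renamed-to-.noexe file is rejected outright by the allowlist rather than relying on the server to refuse to execute it; that is the point of the .htaccess part of the advisory, since a server-side rule is only as strong as the configuration an uploader cannot change.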

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

dolibarr: 11.0.0 alpha - 11.0.4


External links
https://github.com/Dolibarr/dolibarr/releases/tag/11.0.5
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
