Critical severity · NVD Advisory · Published Aug 13, 2025 · Updated Apr 15, 2026
CVE-2012-10059
Description
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server.
References (6)
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dolibarr_cmd_exec.rb (nvd)
- seclists.org/fulldisclosure/2012/Apr/78 (nvd)
- www.dolibarr.org (nvd)
- www.exploit-db.com/exploits/18724 (nvd)
- www.exploit-db.com/exploits/18725 (nvd)
- www.vulncheck.com/advisories/dolibarr-erp-crm-post-auth-os-command-injection (nvd)