High severity · NVD Advisory · Published Sep 2, 2020 · Updated Aug 4, 2024
CVE-2020-14209
Description
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).
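The description implies that an extension denylist which omits `.pht`, `.phar` and `.htaccess` is not enough. The following added example (not Dolibarr's code and not the 11.0.5 patch) sketches an allowlist-based upload-name check; the function names, the allowlist and the PHP extension set are assumptions chosen for illustration.

```python
from pathlib import PurePosixPath

# Assumed allowlist for a document store; adjust per deployment.
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "odt", "csv", "txt"}
# Extensions commonly mapped to the PHP handler, including the two named in the CVE.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar", "phps"}


def classify_upload(filename):
    """Return (accepted, reason) for a client-supplied upload name."""
    # Keep only the final path component so directory parts cannot smuggle a name in.
    name = PurePosixPath(filename.replace("\\", "/")).name.lower()
    # Trailing dots and spaces are dropped by some filesystems; normalise first.
    name = name.strip().rstrip(". ")
    if not name:
        return False, "empty name"
    if name.startswith("."):
        # Covers .htaccess, which could re-map .noexe files to the PHP handler.
        return False, "dotfile or server configuration file"
    parts = name.split(".")
    if len(parts) < 2:
        return False, "no extension"
    # Apache mod_mime considers every extension of a multi-extension name,
    # so check all segments, not just the last one.
    if any(p in PHP_EXTENSIONS for p in parts[1:]):
        return False, "PHP-handled extension"
    if parts[-1] not in ALLOWED_EXTENSIONS:
        return False, "extension not on allowlist"
    return True, "ok"


def rejected(names):
    """Map each rejected name to the reason it was refused."""
    return {n: r for n, (ok, r) in ((n, classify_upload(n)) for n in names) if not ok}


# Constructed sample names, not taken from any real system.
SAMPLE_NAMES = ["invoice.pdf", "logo.pht", "bundle.phar", ".htaccess",
                "photo.PHP.jpg", "notes.noexe", "report.pdf.", "README"]

if __name__ == "__main__":
    for sample, reason in rejected(SAMPLE_NAMES).items():
        print(f"{sample!r}: {reason}")
```

Storing uploads outside the web root, or in a directory where the server ignores `.htaccess` overrides, removes the dependency on name checks alone.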
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| dolibarr/dolibarr (Packagist) | < 11.0.5 | 11.0.5 |
Affected products
- Dolibarr/Dolibarr
References
- github.com/advisories/GHSA-2gcp-xwxg-hqg3 [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2020-14209 [ghsa, ADVISORY]
- packetstormsecurity.com/files/161955/Dolibarr-ERP-CRM-11.0.4-Bypass-Code-Execution.html [ghsa, x_refsource_MISC, WEB]
- github.com/Dolibarr/dolibarr/releases/tag/11.0.5 [ghsa, x_refsource_CONFIRM, WEB]
- www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-012 [ghsa, x_refsource_MISC, WEB]