CVE-2020-14209
packagist/dolibarr/dolibarr
Unrestricted Upload of File with Dangerous Type
Dolibarr allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht
and .phar
files can be uploaded. Also, an .htaccess
file can be uploaded to reconfigure access control (e.g., to let .noexe
files be executed as PHP code to defeat the .noexe
protection mechanism).
All versions before 11.0.5
Upgrade to version 11.0.5 or above.
2020-09-11
source |