CVE-2020-14209

Unrestricted Upload of File with Dangerous Type in packagist/dolibarr/dolibarr

Identifiers

CVE-2020-14209

Package Slug

packagist/dolibarr/dolibarr

Vulnerability

Unrestricted Upload of File with Dangerous Type

Description

Dolibarr allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, an .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).

Affected Versions

All versions before 11.0.5

Solution

Upgrade to version 11.0.5 or above.

Last Modified

2020-09-11

source