Advisory Database
  • Advisories
  • Dependency Scanning
  1. composer
  2. ›
  3. dolibarr/dolibarr
  4. ›
  5. CVE-2020-14209

CVE-2020-14209: Unrestricted Upload of File with Dangerous Type

September 2, 2020 (updated March 30, 2021)

Dolibarr allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, an .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).

References

  • nvd.nist.gov/vuln/detail/CVE-2020-14209

Code Behaviors & Features

Detect and mitigate CVE-2020-14209 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 11.0.5

Fixed versions

  • 11.0.5

Solution

Upgrade to version 11.0.5 or above.

Impact 8.8 HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Learn more about CVSS

Weakness

  • CWE-434: Unrestricted Upload of File with Dangerous Type

Source file

packagist/dolibarr/dolibarr/CVE-2020-14209.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:16:08 +0000.