Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02ajYyLW0ydnYtd2Mzbc38iQ

Dolibarr arbitrary commands execution

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.

Permalink: https://github.com/advisories/GHSA-6j62-m2vv-wc3m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02ajYyLW0ydnYtd2Mzbc38iQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 11 days ago

CVSS Score: 8.0
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-6j62-m2vv-wc3m, CVE-2018-10092
References:

Repository: https://github.com/Dolibarr/dolibarr
Blast Radius: 6.2

Affected Packages

packagist:dolibarr/dolibarr

Dependent packages: 0
Dependent repositories: 6
Downloads: 4,987 total
Affected Version Ranges: < 7.0.2
Fixed in: 7.0.2
All affected versions: 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 7.0.0, 7.0.1
All unaffected versions: 7.0.2, 7.0.3, 7.0.4, 7.0.5, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 15.0.0, 15.0.1, 15.0.2, 15.0.3