Description
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
Remediation
References
Related Vulnerabilities
WordPress Plugin Timetable and Event Schedule by MotoPress Cross-Site Request Forgery (2.4.1)
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.20)
Ampache Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-3929)
Internet Information Services Other Vulnerability (CVE-1999-0407)