Description
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php by changing "disabled" to "enabled" in the HTML source code of the page.
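The flaw class described above is a permission expressed only as a disabled form control, which the browser user can edit. The following added example is a minimal Python model of that pattern next to a handler that enforces the check on the server. It is not Dolibarr's code; the role names, the `document.upload` permission string and the extension allow-list are assumptions made for illustration.

```python
# Added illustration: a minimal model of an upload endpoint, not Dolibarr code.
# Role names, the permission string and the allow-list below are assumptions.
import os

PERMISSIONS = {"admin": {"document.upload"}, "viewer": set()}  # constructed roles
ALLOWED_EXT = {".pdf", ".png", ".jpg", ".txt"}                 # assumed allow-list


def render_upload_button(role):
    """UI hint only: the attribute lives in the client and can be edited there."""
    allowed = "document.upload" in PERMISSIONS.get(role, set())
    state = "" if allowed else " disabled"
    return f'<input type="submit" name="upload" value="Upload"{state}>'


def handle_upload_vulnerable(role, filename, data, store):
    """Assumes a disabled button means the request never arrives; checks nothing."""
    store[filename] = data
    return 200


def handle_upload_hardened(role, filename, data, store):
    """Re-checks the permission and the file type on every request."""
    if "document.upload" not in PERMISSIONS.get(role, set()):
        return 403  # authorization decided server-side, independent of the form
    # Keep only the final path component so the name cannot leave the store.
    name = os.path.basename(filename.replace("\\", "/"))
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXT:
        return 415  # unsupported file type
    store[name] = data
    return 200


if __name__ == "__main__":
    store = {}
    print(render_upload_button("viewer"))
    print(handle_upload_vulnerable("viewer", "page.php", b"x", store))
    print(handle_upload_hardened("viewer", "note.txt", b"x", store))
```

When reviewing an application for this pattern, look for every control that is hidden or disabled in the rendered page and confirm that the matching request handler performs the same permission check.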
Remediation
References
Related Vulnerabilities
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9046)
MySQL CVE-2018-2777 Vulnerability (CVE-2018-2777)
WordPress Plugin WP Database Backup Unspecified Vulnerability (4.1)
Joomla! Core 3.2.x Cross-Site Scripting (3.2.0 - 3.2.4)
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4220)