Description

Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.

Remediation

References

CVE-2017-9840

Related Vulnerabilities

WordPress Plugin WP Download Codes Cross-Site Scripting (2.5.1)

WordPress Plugin YITH WooCommerce Ajax Search Unspecified Vulnerability (1.2.7)

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-3583)

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2505)

WordPress Plugin Calendar Event Multi View Multiple SQL Injection Vulnerabilities (1.1.7)

Severity

High

Classification

CVE-2017-9840 CWE-434 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities