Description
A file upload vulnerability in Dolibarr ERP CRM v17.0.1 and earlier allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
Remediation
References