Dolibarr Missing Authorization Vulnerability (CVE-2018-10092)

Description

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.

Remediation

References

CVE-2018-10092

Related Vulnerabilities

PHP-Fusion URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-23182)

Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668)

MySQL Other Vulnerability (CVE-2006-2753)

Joomla! Core 3.x.x Information Disclosure (3.8.0 - 3.9.13)

WordPress Plugin WooCommerce PDF Invoices & Packing Slips Cross-Site Request Forgery (2.2.6)

Severity

High

Classification

CVE-2018-10092 CWE-862 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N