CVE-2018-10092
Dolibarr arbitrary commands execution
CVSS 3.1: 8.0 (HIGH)
EPSS 0.43%
Description
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
How to fix CVE-2018-10092
To remediate CVE-2018-10092, upgrade the affected package to a fixed version below.
- Packagist/dolibarr/dolibarr: upgrade to 7.0.2 or later
Is CVE-2018-10092 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Packagist/dolibarr/dolibarr: from 0, < 7.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.0 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |