CVE-2020-35136 — Dolibarr authenticated Remote Code Execution

Description

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.

How to fix CVE-2020-35136

To remediate CVE-2020-35136, upgrade the affected package to a fixed version below.

—no fix listed
—upgrade to 12.0.4 or later

Is CVE-2020-35136 being exploited?

Moderate — EPSS is 7.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

>= 12.0.3, <= 12.0.3
from 0, < 12.0.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-35136
PATCHgithub.com/Dolibarr/dolibarr
WEBbilishim.com/2020/12/18/zero-hunting-2.html
WEBgithub.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbac
WEB