Description

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.

Remediation

References

CVE-2018-10092

Related Vulnerabilities

Ruby on Rails Improper Input Validation Vulnerability (CVE-2016-2098)

OpenSSL DEPRECATED: Code Vulnerability (CVE-2015-0290)

Jboss EAP CVE-2018-1304 Vulnerability (CVE-2018-1304)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0813)

WordPress Plugin WP Content Copy Protection & No Right Click Security Bypass (3.1.4)

Severity

High

Classification

CVE-2018-10092 CWE-862 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities