Description

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.

Remediation

References

CVE-2018-10092

Related Vulnerabilities

ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4673)

WordPress 2.6.1 Lost Password SQL Column Truncation Unauthorized Access Vulnerability (0.71 - 2.6.1)

Nginx Off-by-one Error Vulnerability (CVE-2021-23017)

WordPress Plugin sourceAFRICA Cross-Site Scripting (0.1.3)

WordPress Plugin WP Courses LMS Security Bypass (2.0.28)

Severity

High

Classification

CVE-2018-10092 CWE-862 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities