Description

Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.

Remediation

References

CVE-2017-9840

Related Vulnerabilities

WordPress Plugin Simple Giveaways-Grow your business, email lists and traffic with contests Security Bypass (2.17.3)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-50721)

WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)

WordPress 'wp-login.php' HTTP Response Splitting Vulnerability (1.2)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6131)

Severity

High

Classification

CVE-2017-9840 CWE-434 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities