Description

Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.

Remediation

References

CVE-2017-9840

Related Vulnerabilities

WordPress Plugin Author Stats Cross-Site Scripting (1.3)

WordPress Plugin GDPR Cookie Compliance Security Bypass (4.0.2)

WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2003-1599)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6820)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-6617)

Severity

High

Classification

CVE-2017-9840 CWE-434 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities