CVE-2018-10092
HIGH 8.0 · EPSS 0.43% · Dolibarr arbitrary commands execution
Published: 2022/5/13 · Modified: 2024/4/24
Description
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
Affected packages (1)
- Packagist/dolibarr/dolibarr: from 0, < 7.0.2
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.0 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2018-10092
- PATCH: https://github.com/Dolibarr/dolibarr
- WEB: https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog
- WEB: https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39
- WEB: https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability
- WEB: http://www.openwall.com/lists/oss-security/2018/05/21/2