An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.
{ "severity": "High", "cpes": [ "cpe:2.3:a:dolibarr:dolibarr_erp/crm:*:*:*:*:*:*:*:*" ] }