GHSA-6j62-m2vv-wc3m

Source

https://github.com/advisories/GHSA-6j62-m2vv-wc3m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6j62-m2vv-wc3m/GHSA-6j62-m2vv-wc3m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6j62-m2vv-wc3m

Aliases

CVE-2018-10092

Published

2022-05-13T01:18:47Z

Modified

2024-04-24T21:11:36.681991Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Dolibarr arbitrary commands execution

Details

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.

Database specific

{
    "nvd_published_at": "2018-05-22T20:29:00Z",
    "github_reviewed_at": "2024-04-24T20:47:40Z",
    "cwe_ids": [
        "CWE-862"
    ],
    "severity": "HIGH",
    "github_reviewed": true
}

References

Affected packages

Packagist / dolibarr/dolibarr

Package

Name: dolibarr/dolibarr
Purl: pkg:composer/dolibarr/dolibarr

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.2

Affected versions

3.*

3.6.0-beta

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.6.5

3.6.6

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.8.0-beta

3.8.0

3.8.1

3.8.2

3.8.3

3.8.4

3.9.0-rc

3.9.0-rc2

3.9.0

3.9.1

3.9.2

3.9.3

3.9.4

4.*

4.0.0-beta

4.0.0-rc

4.0.0-rc2

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

5.*

5.0.0-beta

5.0.0-rc1

5.0.0-rc2

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

6.*

6.0.0-beta

6.0.0-rc

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

7.*

7.0.0

7.0.1