UBUNTU-CVE-2019-11200

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-11200

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-11200.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-11200

Related

CVE-2019-11200

Published

2019-07-29T16:15:00Z

Modified

2024-10-15T14:06:49Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)

References

Affected packages

Ubuntu:Pro:16.04:LTS / dolibarr

Package

Name: dolibarr
Purl: pkg:deb/ubuntu/dolibarr?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5.5+dfsg1-2

3.5.7+dfsg1-1

3.5.8+dfsg1-1

3.5.8+dfsg1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}