What is the severity of CVE-2019-11200?

CVE-2019-11200 has a medium severity rating due to the potential for arbitrary code execution via insufficient checks on export parameters.

How do I fix CVE-2019-11200?

To fix CVE-2019-11200, upgrade Dolibarr ERP/CRM to version 9.0.3 or later where the vulnerability has been addressed.

What versions of Dolibarr ERP/CRM are affected by CVE-2019-11200?

CVE-2019-11200 specifically affects Dolibarr ERP/CRM version 9.0.1.

Can CVE-2019-11200 allow remote code execution?

Yes, CVE-2019-11200 enables an attacker to execute arbitrary binaries on the server due to insufficient parameter validation.

What components are primarily impacted by CVE-2019-11200?

CVE-2019-11200 primarily impacts the web-based database backup functionality of Dolibarr ERP/CRM.

Vulnerability/
CVE-2019-11200

high

8.8

29/7/2019

24/5/2022

4/8/2024

CVE-2019-11200

First published: Mon Jul 29 2019(Updated: )

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. (Malicious binaries can be uploaded by abusing other functionalities of the application.)

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
composer/dolibarr/dolibarr	<9.0.3	9.0.3
Dolibarr ERP & CRM	=9.0.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-11200?
CVE-2019-11200 has a medium severity rating due to the potential for arbitrary code execution via insufficient checks on export parameters.
How do I fix CVE-2019-11200?
To fix CVE-2019-11200, upgrade Dolibarr ERP/CRM to version 9.0.3 or later where the vulnerability has been addressed.
What versions of Dolibarr ERP/CRM are affected by CVE-2019-11200?
CVE-2019-11200 specifically affects Dolibarr ERP/CRM version 9.0.1.
Can CVE-2019-11200 allow remote code execution?
Yes, CVE-2019-11200 enables an attacker to execute arbitrary binaries on the server due to insufficient parameter validation.
What components are primarily impacted by CVE-2019-11200?
CVE-2019-11200 primarily impacts the web-based database backup functionality of Dolibarr ERP/CRM.

collector/github-advisory-latest
alias/GHSA-2rwh-262r-r85j
alias/CVE-2019-11200
collector/github-advisory
agent/type
agent/references
agent/author
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
package-manager/composer
vendor/dolibarr
canonical/dolibarr erp & crm
version/dolibarr erp & crm/9.0.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.