What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-14209.

What is the severity of CVE-2020-14209?

The severity of CVE-2020-14209 is high with a severity value of 8.8.

What types of files can be uploaded to exploit CVE-2020-14209?

The types of files that can be uploaded to exploit CVE-2020-14209 are .pht and .phar files.

How can CVE-2020-14209 be fixed?

To fix CVE-2020-14209, it is recommended to update Dolibarr to version 11.0.5 or later.

Vulnerability/
CVE-2020-14209

high

8.8

CWE

434

2/9/2020

24/5/2022

4/8/2024

CVE-2020-14209: Malicious File Upload

Q: How does CVE-2020-14209 impact Dolibarr before version 11.0.5?

CVE-2020-14209 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution in Dolibarr before version 11.0.5.

First published: Wed Sep 02 2020(Updated: )

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Dolibarr Dolibarr	<11.0.5
composer/dolibarr/dolibarr	<11.0.5	11.0.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-14209.
What is the severity of CVE-2020-14209?
The severity of CVE-2020-14209 is high with a severity value of 8.8.
How does CVE-2020-14209 impact Dolibarr before version 11.0.5?
CVE-2020-14209 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution in Dolibarr before version 11.0.5.
What types of files can be uploaded to exploit CVE-2020-14209?
The types of files that can be uploaded to exploit CVE-2020-14209 are .pht and .phar files.
How can CVE-2020-14209 be fixed?
To fix CVE-2020-14209, it is recommended to update Dolibarr to version 11.0.5 or later.

collector/nvd-index
agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-2gcp-xwxg-hqg3
alias/CVE-2020-14209
agent/software-canonical-lookup
agent/severity
agent/references
agent/weakness
agent/description
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
agent/first-publish-date
agent/trending
vendor/dolibarr
canonical/dolibarr dolibarr
package-manager/composer

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.