CVE-2019-11201

Published: Jul 29, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code under the context and permissions of the underlying web server.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-11201

Description

Affected Products

References