Title: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities
Overview: Dolibarr ERP & CRM is a modern software package for managing the activity of a company or foundation (contacts, suppliers,
invoices, orders, stock, agenda, ...). It is open-source, free software designed for small and medium-sized
companies, foundations and freelancers. You can install, use and distribute it as a standalone application
or as a web application (on a shared or dedicated server, or on SaaS or cloud solutions) and use it from
any device (desktop, smartphone, tablet).
Website: http://www.dolibarr.org
Abstract:
A security researcher found multiple file include vulnerabilities in Dolibarr v3.2.0 Alpha.
Status: Published
Analysis:
Multiple file include vulnerabilities were detected in Dolibarr ERP & CRM v3.2.0 Alpha.
The vulnerabilities allow a remote attacker, or a local low-privileged user account, to request local web-server
or system files through a path fragment supplied in a request parameter. Successful exploitation results in compromise of the DBMS and the application.
Vulnerable Module(s):
[+] ?modulepart=project&file=
[+] ?action=create&actioncode=AC_RDV&contactid=1&socid=1&backtopage=
Picture(s):
../1.png
../2.png
Proof of Concept:
========================
The vulnerabilities can be exploited by remote attackers or by local low-privileged user accounts. For demonstration or to reproduce ...
http://www.bkjia.com/document.php?modulepart=project&file=../[file include vulnerability!]
http://www.bkjia.com/comm/action/fiche.php?action=create&actioncode=AC_RDV&contactid=1&socid=1&backtopage=../common/[file include vulnerability!]
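The pattern both proof-of-concept requests rely on, as an added example that is not part of the original advisory and not Dolibarr's own code (Dolibarr is written in PHP; the model below is Python so the check can be run stand-alone). It shows the unchecked join of a request value onto a base directory that the "file" and "backtopage" parameters exploit, the contained resolver that refuses anything escaping the root, and a detection rule that flags such requests in a URL. DOC_ROOT, the host name dolibarr.example and the sample requests are constructed for illustration and are assumptions, not values taken from Dolibarr.

```python
"""Added example for this advisory, not Dolibarr's own code.

It models the pattern behind both proof-of-concept requests: a request
parameter (document.php 'file', comm/action/fiche.php 'backtopage') is
used as a path fragment without being confined to the directory it is
meant to live under. DOC_ROOT and the sample URLs are constructed for
illustration and are assumptions, not values taken from Dolibarr.
"""
import os
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed document store of the application (hypothetical path).
DOC_ROOT = "/var/www/dolibarr/documents"

# Request parameters the advisory shows carrying attacker-controlled paths.
PATH_PARAMS = {"file", "backtopage"}


def vulnerable_resolve(base, user_path):
    """The flaw the advisory describes: the decoded request value is joined
    onto the base directory with no containment check, so '../' segments
    (or an absolute path, which os.path.join simply adopts) escape it."""
    return os.path.join(base, unquote(user_path))


def hardened_resolve(base, user_path):
    """Confine the request value to base. Returns the canonical path of the
    requested file, or None if the request must be refused."""
    base_real = os.path.realpath(base)
    # Decode exactly once, as the web server does for the query string. A
    # double-encoded '%252e%252e' therefore stays the literal name '%2e%2e':
    # an odd but contained file name, not a traversal.
    candidate = unquote(user_path)
    if not candidate or os.path.isabs(candidate) or "\x00" in candidate:
        return None
    # realpath() collapses '.', '..' and symlinks; commonpath() is then the
    # containment test. A plain string-prefix comparison would wrongly accept
    # '/var/www/dolibarr/documents_old/...' as being inside the root.
    target = os.path.realpath(os.path.join(base_real, candidate))
    if os.path.commonpath([base_real, target]) != base_real:
        return None
    if target == base_real:  # a request must name something below the root
        return None
    return target


def traversal_in_request(url):
    """Detection side: return the path-carrying parameters of a request URL
    whose decoded value contains a '..' segment or an absolute path. parse_qs
    performs the single percent-decoding the application would apply."""
    query = urlsplit(url).query
    hits = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name not in PATH_PARAMS:
            continue
        for value in values:
            # Treat backslashes as separators too, for PHP on Windows hosts.
            segments = value.replace("\\", "/").split("/")
            if ".." in segments or value.startswith(("/", "\\")):
                hits.append(name)
                break
    return hits


# Constructed sample requests in the shape of the two proof-of-concept URLs.
SAMPLE_REQUESTS = [
    "http://dolibarr.example/document.php?modulepart=project&file=12/contract.pdf",
    "http://dolibarr.example/document.php?modulepart=project&file=../../../../etc/passwd",
    "http://dolibarr.example/document.php?modulepart=project&file=%2e%2e%2f%2e%2e%2fetc%2fpasswd",
    "http://dolibarr.example/comm/action/fiche.php?action=create&actioncode=AC_RDV"
    "&contactid=1&socid=1&backtopage=../common/x",
]

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        print(traversal_in_request(url) or "clean", url)
    print(vulnerable_resolve(DOC_ROOT, "../../../../etc/passwd"))
    print(hardened_resolve(DOC_ROOT, "../../../../etc/passwd"))
```

The resolver decodes the value once and only once, matching what the web server already did to the query string; checking containment on the canonical path rather than grepping the raw value for "../" is what keeps encoded, mixed-separator and symlink variants from slipping through. The detection rule is the cheap WAF or log-review counterpart: it looks at the same two parameters and flags any decoded value with a ".." segment or an absolute path.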
Risk Level:
=====
The security risk of the file include vulnerabilities is estimated as high(+).