Candidate: CVE-2020-35136
PublicDate: 2020-12-23 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35136
 http://bilishim.com/2020/12/18/zero-hunting-2.html
 https://github.com/Dolibarr/dolibarr/commit/4fcd3fe49332baab0e424225ad10b76b47ebcbac
 https://github.com/Dolibarr/dolibarr/releases
 https://sourceforge.net/projects/dolibarr/
Description:
 Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An
 attacker who has the access the admin dashboard can manipulate the backup
 function by inserting a payload into the filename for the
 zipfilename_template parameter to admin/tools/dolibarr_export.php.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [7.2 HIGH]


Patches_dolibarr:
upstream_dolibarr: needs-triage
precise/esm_dolibarr: DNE
trusty_dolibarr: ignored (out of standard support)
trusty/esm_dolibarr: DNE
xenial_dolibarr: ignored (end of standard support, was needed)
bionic_dolibarr: DNE
focal_dolibarr: DNE
groovy_dolibarr: DNE
hirsute_dolibarr: DNE
impish_dolibarr: DNE
jammy_dolibarr: DNE
devel_dolibarr: DNE