CVE-2020-13240

Priority
Description
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup
documents directories' permission to rename uploaded files to have insecure
file extensions. This bypasses the .noexe protection mechanism against XSS.
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
More Information

Updated: 2020-07-28 19:02:40 UTC (commit 7b6828437fde0509248708fcdb5b0f7587b85bd1)