CNNVD-202508-1466 Information

CNNVD ID

CNNVD-202508-1466

CVE-2012-10059

  • CNNVD Published: 2025-08-13

Description (Chinese)

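Dolibarr ERP/CRM is a web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation of France. The system can be used to manage products, inventory, invoices, orders, and more. Dolibarr ERP/CRM versions 3.1.1 and earlier and 3.2.0 and earlier contain a security vulnerability: the database backup function does not sanitize the sql_compat parameter, which may lead to command injection.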

Description (English)

Dolibarr ERP/CRM is a web-based enterprise resource planning (ERP) and customer relationship management (CRM) system of the Dolibarr Foundation of France. It can be used to manage products, inventories, invoices, orders, etc. Dolibarr ERP/CRM 3.1.1 and earlier and 3.2.0 and earlier have a security vulnerability that stems from the unsanitized sql_compat parameter of the database backup function, which may lead to command injection.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Dolibarr

Published

2025-08-13

Last Modified

2026-02-24

References

  • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/
  • https://seclists.org/fulldisclosure/2012/Apr/78
  • https://www.dolibarr.org/
  • https://www.exploit-db.com/exploits/18724
  • https://www.exploit-db.com/exploits/18725
  • https://www.vulncheck.com/advisories/dolibarr-erp-crm-post-auth-os-command-injection
