CVE-2020-14201 Information

Description

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Reference

https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-011

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

6.5

Base Severity

MEDIUM
