CVE-2012-10059

CRITICAL

Dolibarr ERP/CRM <= 3.1.1-3.2.0 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-10059. PoCs published by Nahuel Grisolia, Metasploit, including Metasploit module exploits/linux/http/dolibarr_cmd_exec.

AI-analyzed exploit summary This exploit demonstrates an OS command injection vulnerability in Dolibarr ERP & CRM versions <= 3.1.1 and <= 3.2.0. The PoC shows how an attacker can inject arbitrary commands via the 'sql_compat' parameter in the export.php script, leading to remote code execution.

Description

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Nahuel Grisolia · textwebappsphp
https://www.exploit-db.com/exploits/18725

This exploit demonstrates an OS command injection vulnerability in Dolibarr ERP & CRM versions <= 3.1.1 and <= 3.2.0. The PoC shows how an attacker can inject arbitrary commands via the 'sql_compat' parameter in the export.php script, leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Dolibarr ERP & CRM <= 3.1.1, <= 3.2.0
Auth required
Prerequisites: Valid session cookie (DOLSESSID) · Access to the admin/tools/export.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappsphp
https://www.exploit-db.com/exploits/18724

This Metasploit module exploits a post-authentication OS command injection vulnerability in Dolibarr ERP/CRM's backup feature via the sql_compat parameter in export.php. It authenticates, retrieves session tokens, and injects commands into the mysqldump process.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Dolibarr ERP/CRM 3.1.1
Auth required
Prerequisites: Valid credentials for Dolibarr · Access to the admin/tools/export.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dolibarr_cmd_exec.rb

This Metasploit module exploits a post-authentication OS command injection vulnerability in Dolibarr ERP/CRM 3.1.1 via the sql_compat parameter in the backup feature. It authenticates, retrieves session tokens, and injects commands into the mysqldump export process.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Dolibarr ERP/CRM 3.1.1
Auth required
Prerequisites: Valid credentials for Dolibarr · Access to the admin/tools/export.php endpoint
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v4 9.4
EPSS 0.0318
EPSS Percentile 86.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (2)
Dolibarr Project/ERP/CRM < 3.1.1
Dolibarr Project/ERP/CRM < 3.2.0
Published Aug 13, 2025
Tracked Since Feb 18, 2026