CVE-2012-1226

NUCLEI

Dolibarr Erp/crm - Path Traversal

Title source: rule

Description

Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/18480
exploitdb WRITEUP VERIFIED
by Benjamin Kunz Mejri · textwebappsphp
https://www.exploit-db.com/exploits/36873

Nuclei Templates (1)

Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
HIGHby daffainfo
Shodan: http.favicon.hash:440258421
FOFA: icon_hash=440258421

References (7)

Scores

EPSS 0.0476
EPSS Percentile 89.3%

Classification

CWE
CWE-22
Status draft

Affected Products (1)

dolibarr/dolibarr_erp\/crm

Timeline

Published Feb 21, 2012
Tracked Since Feb 18, 2026