CVE-2012-1226

NUCLEI

Dolibarr CMS 3.2.0 Alpha - Path Traversal & Arbitrary File Read via Document.php or Backtopage Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-1226. PoCs were published by Benjamin Kunz Mejri and Vulnerability-Lab. A Nuclei detection template is also available.

AI-analyzed exploit summary: The provided text describes a directory traversal vulnerability in Dolibarr 3.2.0 Alpha, allowing attackers to access sensitive files via unsanitized input in the 'file' parameter. No actual exploit code is included, only a description and example URL.

Description

Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Benjamin Kunz Mejri · text · webapps · php
https://www.exploit-db.com/exploits/36873

The provided text describes a directory traversal vulnerability in Dolibarr 3.2.0 Alpha, allowing attackers to access sensitive files via unsanitized input in the 'file' parameter. No actual exploit code is included, only a description and example URL.

Classification: Writeup 80%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Dolibarr 3.2.0 Alpha
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by Vulnerability-Lab · text · webapps · php
https://www.exploit-db.com/exploits/18480

The document describes a file include vulnerability in Dolibarr CMS v3.2.0 Alpha, allowing remote attackers to include local files via manipulated parameters. No actual exploit code is provided, only URLs demonstrating the vulnerability.

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Dolibarr CMS v3.2.0 Alpha
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
HIGH · by daffainfo
Shodan: http.favicon.hash:440258421
FOFA: icon_hash=440258421

Scores

EPSS 0.0178
EPSS Percentile 83.2%

Details

CWE CWE-22
Status published
Products (1)
dolibarr/dolibarr_erp\/crm 3.2.0 alpha
Published Feb 21, 2012
Tracked Since Feb 18, 2026