Description
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
References (4)
Patch x_refsource_confirm
https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39
Release Notes x_refsource_confirm
https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability/
Exploit, Mailing List, Technical Description, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2018/05/21/2
Scores
CVSS v3
8.0
EPSS
0.0043
EPSS Percentile
62.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (2)
dolibarr/dolibarr
< 7.0.2
dolibarr/dolibarr
0 - 7.0.2 (Packagist)
Published
May 22, 2018
Tracked Since
Feb 18, 2026