CVE-2020-13240
MEDIUM
Dolibarr 11.0.4 - Path Traversal
Title source: llm
Description
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
Scores
CVSS v3
5.4
EPSS
0.0017
EPSS Percentile
37.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Classification
CWE
CWE-276
CWE-668
Status
published
Affected Products (2)
dolibarr/dolibarr_erp\/crm
dolibarr/dolibarr
Packagist
Timeline
Published
May 20, 2020
Tracked Since
Feb 18, 2026