CVE-2020-14209

HIGH

Dolibarr < 11.0.5 - Authenticated Arbitrary File Upload and Remote Code Execution via .pht and .phar Files


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-14209. PoCs published by Andrea Gonzalez.

AI-analyzed exploit summary: This exploit bypasses file upload restrictions in Dolibarr ERP/CRM 11.0.4 by leveraging three methods: extension bypass, file renaming, and .htaccess manipulation. It achieves authenticated remote code execution (RCE) by uploading malicious PHP files or leveraging server-side includes (SSI).

Description

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).

Exploits (1)

exploitdb · WORKING POC
by Andrea Gonzalez · python · webapps · php
https://www.exploit-db.com/exploits/49711


Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Dolibarr ERP/CRM versions prior to 11.0.5
Auth required: yes
Prerequisites: Valid credentials for Dolibarr ERP/CRM · Access to the file upload functionality · Apache web server with .htaccess support for the .htaccess method
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References (3)
Release Notes, Third Party Advisory (x_refsource_confirm)
https://github.com/Dolibarr/dolibarr/releases/tag/11.0.5

Scores

CVSS v3 8.8
EPSS 0.1017
EPSS Percentile 93.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (2)
dolibarr/dolibarr < 11.0.5
dolibarr/dolibarr 0 - 11.0.5 (Packagist)
Published Sep 02, 2020
Tracked Since Feb 18, 2026