Dolibarr Multiple Directory Traversal Vulnerabilities
BID: 52113
Info
| Bugtraq ID: | 52113 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-1226 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 22 2012 12:00AM |
| Updated: | Feb 27 2012 08:40PM |
| Credit: | Benjamin Kunz Mejri and Ucha Gobejishvili of Vulnerability Research Laboratory |
| Vulnerable: | Dolibarr ERP/CRM Dolibarr 3.2 Alpha |
| Not Vulnerable: | |
Discussion
Dolibarr is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it to build a filesystem path.
Exploiting the issues can allow an attacker to obtain sensitive information that could aid in further attacks.
Dolibarr 3.2.0 Alpha is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit these issues through a browser.
The following example URI is available:
http://www.example.com/document.php?modulepart=project&file=../[FILE INCLUDE VULNERABILITY!]
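The root cause described above is a download endpoint that joins a user-controlled `file` parameter onto a module directory without checking where the resulting path ends up. The block below is an added example written for this page, not Dolibarr's own code and not part of the advisory: it shows the canonical-path check such an endpoint needs, and a detection pass that flags traversal attempts against `document.php` in web-server access logs. It assumes a layout in which each `modulepart` maps to a subdirectory of a document root; the directory names, file names and log lines are constructed for the demo.

```python
"""
Defensive illustration of a document.php?modulepart=...&file=... handler.

1. resolve_document(): the check that keeps a 'file' parameter inside the
   module's document directory (stops '../', absolute paths and symlinks).
2. find_traversal_attempts(): a detection pass over access-log lines that
   flags 'file=' values carrying traversal sequences, including
   percent-encoded and double-encoded forms.

All paths and log lines here are constructed; this is not Dolibarr's layout.
"""
import os
import re
import tempfile
from urllib.parse import parse_qs, unquote, urlsplit


def resolve_document(document_root: str, modulepart: str, requested: str) -> str:
    """Return the canonical path of `requested` inside the module directory,
    or raise ValueError if the request would escape it."""
    # A module name is an identifier, never a path fragment.
    if not re.fullmatch(r"[a-z][a-z0-9_]*", modulepart):
        raise ValueError("bad modulepart")
    base = os.path.realpath(os.path.join(document_root, modulepart))
    # os.path.join discards `base` when `requested` is absolute, and '..'
    # walks out of it; realpath() collapses both (and symlinks) so that the
    # prefix comparison below is made on the path that would really be opened.
    candidate = os.path.realpath(os.path.join(base, requested))
    if not candidate.startswith(base + os.sep):
        raise ValueError("path escapes module directory")
    return candidate


# Matches '../' or '..\' (the log value is percent-decoded before matching).
TRAVERSAL = re.compile(r"\.\.(?:[/\\]|$)")
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def find_traversal_attempts(log_lines):
    """Return (client_ip, request_target) for every document.php request whose
    'file' parameter contains a traversal sequence or an absolute path."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        target = m.group(1)
        if not urlsplit(target).path.endswith("/document.php"):
            continue
        query = parse_qs(urlsplit(target).query)
        for value in query.get("file", []):
            # parse_qs already decoded one layer; decode once more to catch
            # double-encoded sequences such as %252e%252e%252f.
            decoded = unquote(value)
            if TRAVERSAL.search(decoded) or decoded.startswith(("/", "\\")):
                hits.append((line.split()[0], target))
                break
    return hits


# Constructed access-log sample in Apache combined format.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Feb/2012:10:01:02 +0000] "GET /document.php?modulepart=project&file=report.pdf HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/Feb/2012:10:02:11 +0000] "GET /document.php?modulepart=project&file=../../secret.txt HTTP/1.1" 200 2048',
    '203.0.113.9 - - [22/Feb/2012:10:02:40 +0000] "GET /document.php?modulepart=project&file=%2e%2e%2f%2e%2e%2fsecret.txt HTTP/1.1" 200 2048',
    '198.51.100.7 - - [22/Feb/2012:10:04:15 +0000] "GET /document.php?modulepart=project&file=%252e%252e%252fsecret.txt HTTP/1.1" 200 2048',
    '198.51.100.8 - - [22/Feb/2012:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 900',
]


def demo() -> dict:
    """Build a throwaway document root and exercise resolve_document()."""
    root = os.path.realpath(tempfile.mkdtemp())
    os.makedirs(os.path.join(root, "project"))
    with open(os.path.join(root, "project", "report.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4 constructed sample")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("must not be served")
    results = {}
    for req in ("report.pdf", "sub/../report.pdf", "../secret.txt", "/etc/hostname"):
        try:
            results[req] = os.path.relpath(resolve_document(root, "project", req), root)
        except ValueError as exc:
            results[req] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r:24} -> {outcome}")
    for ip, target in find_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
```

The prefix check is made on `realpath()` output rather than on the raw parameter because string filters for `../` miss encoded, doubled and symlinked variants; the log pass, by contrast, deliberately decodes twice so that an encoded probe is flagged as well as a plain one.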
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities (Vulnerability-lab)
- Dolibarr Homepage (Dolibarr ERP/CRM)
- Fix: Multiple directory traversal vulnerabilities with backtopage (Dolibarr ERP/CRM)
- Fix: Multiple directory traversal vulnerabilities with document.php (Dolibarr ERP/CRM)