CVE-2020-13240 - CERT CVE
ID CVE-2020-13240
Sažetak The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
Reference
CVSS
Base: 5.5
Impact: 4.9
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL NONE
CVSS vektor AV:N/AC:L/Au:S/C:P/I:P/A:N
Zadnje važnije ažuriranje 17-11-2022 - 17:21
Objavljeno 20-05-2020 - 15:15