Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2020-13240

Disclosure Date: May 20, 2020 (last updated February 21, 2025)
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0