CVE-2019-11201

HIGH Year: 2019
CVSS v3 Score
8.0
High
CVSS v2 Score
8.5
High
Weakness Type
CWE-94
View all →

Vulnerability Description

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code under the context and permissions of the underlying web server.

Related Vulnerabilities

CVE-2016-8020

HIGH
CVSS:8.0(High)

Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted H...

CWE-942016

CVE-2020-6243

HIGH
CVSS:8.0(High)

Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the exten...

CWE-942020

CVE-2021-37774

HIGH
CVSS:8.0(High)

An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code.

CWE-942021

CVE-2022-34663

HIGH
CVSS:8.0(High)

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCO...

CWE-942022

CVE-2022-46648

HIGH
CVSS:8.0(High)

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product...

CWE-942022

CVE-2023-3393

HIGH
CVSS:8.0(High)

Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.

CWE-942023