vulnerability

Ubuntu: (CVE-2019-11201): dolibarr vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:S/C:C/I:C/A:C)	Jul 29, 2019	Jun 26, 2025	Jun 26, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Published

Jul 29, 2019

Added

Jun 26, 2025

Modified

Jun 26, 2025

Description

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the same page, which specifies the inclusion of dynamic content. Thus, a lower privileged user of the application can execute code under the context and permissions of the underlying web server.

Solution

no-fix-ubuntu-package

References

CVE-2019-11201
https://attackerkb.com/topics/CVE-2019-11201
URL-https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities
URL-https://www.cve.org/CVERecord?id=CVE-2019-11201

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today