Security for everyone

CVE-2012-1226 Scanner

Detects a directory traversal vulnerability in Dolibarr CMS that affects version 3.2.0 Alpha.


Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url


Dolibarr CMS is an open-source, web-based software used for managing small and medium-sized businesses. The software offers a range of features, including human resources management, invoicing, customer relationship management, and more. It is easily customizable and can be extended with add-on modules from the Dolistore. Dolibarr is designed to simplify management tasks for small businesses and reduce the costs associated with running a complex management system.

The CVE-2012-1226 vulnerability is a serious security flaw found in Dolibarr CMS version 3.2.0 Alpha. The vulnerability allows remote attackers to read arbitrary files and possibly execute arbitrary code through directory traversal attacks. The flaw can be triggered through two parameters: the "file" parameter in document.php and the "backtopage" parameter in the create action to comm/action/fiche.php. An attacker can exploit this vulnerability by inserting ".." (dot dot) into the file path, allowing them to access files outside of the intended directory.
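For asset owners who want to check their own web server logs for the pattern described above, here is an added detection example (not code from securityforeveryone.com or Dolibarr). It assumes a combined-format access log; the function names and the sample entries are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> parameter pairs named in the CVE-2012-1226 description.
WATCHED = {"document.php": "file", "comm/action/fiche.php": "backtopage"}

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def has_dotdot(value, max_decode=3):
    """True if value holds a '..' path segment, also when URL-encoded repeatedly."""
    for _ in range(max_decode):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return ".." in re.split(r"[/\\]", value)

def flag_line(line):
    """Return (script, parameter, value) for a suspicious request, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    for script, param in WATCHED.items():
        if not url.path.endswith("/" + script):
            continue
        # parse_qsl decodes once; has_dotdot() peels any further encoding layers.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and has_dotdot(value):
                return (script, param, value)
    return None

def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(flag_line, lines) if hit]

# Constructed sample entries (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Feb/2012:10:00:01 +0000] "GET /document.php?file=FA1202-0001.pdf HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Feb/2012:10:00:07 +0000] "GET /document.php?file=..%2F..%2Fexample.txt HTTP/1.1" 200 812',
    '203.0.113.9 - - [10/Feb/2012:10:00:09 +0000] "GET /comm/action/fiche.php?action=create&backtopage=%252e%252e%252fexample.txt HTTP/1.1" 200 900',
    '198.51.100.7 - - [10/Feb/2012:10:01:30 +0000] "GET /comm/action/fiche.php?action=create&backtopage=/comm/index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for script, param, value in scan(SAMPLE_LOG):
        print(f"suspicious {param}= on {script}: {value!r}")
```

Parameters sent in a POST body do not appear in an access log, so this check only covers values passed in the query string.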

When exploited, the vulnerability can lead to the exposure of sensitive data, including user credentials, intellectual property, and financial information. In some cases, an attacker can gain full control of the system and execute arbitrary code to further exploit the vulnerability. The consequences of a successful attack can be catastrophic, resulting in reputation damage, financial loss, and loss of customer trust.

Thanks to the pro features of the securityforeveryone.com platform, businesses can easily and quickly learn about vulnerabilities in their digital assets, protect against them, and mitigate the risks of cyber attacks. By staying informed and taking proactive security measures, businesses can reduce their vulnerability to security flaws like CVE-2012-1226 and protect their valuable data and assets.

 
