CVE-2012-10059

N/A Unknown
Published: August 13, 2025 Modified: April 15, 2026
View on NVD

Description

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dolibarr_cmd_exec.rb
Source: disclosure@vulncheck.com
https://seclists.org/fulldisclosure/2012/Apr/78
Source: disclosure@vulncheck.com
https://www.dolibarr.org/
Source: disclosure@vulncheck.com
https://www.exploit-db.com/exploits/18724
Source: disclosure@vulncheck.com
https://www.exploit-db.com/exploits/18725
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/dolibarr-erp-crm-post-auth-os-command-injection
Source: disclosure@vulncheck.com
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dolibarr_cmd_exec.rb
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://seclists.org/fulldisclosure/2012/Apr/78
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.exploit-db.com/exploits/18724
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.exploit-db.com/exploits/18725
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
47.8%
98th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-78

Related CVEs

CVE-2026-7696 6.3
CVE-2026-7695 7.3
CVE-2026-7694 7.3
CVE-2026-7692 6.3
CVE-2026-7691 6.3