Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which disabled is changed to enabled in the HTML source code.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dolibarr | Dolibarr | * | * |