CVE-2012-10059
PUBLISHED
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authentication OS command injection vulnerability in the database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server.
Risk Scores
EPSS Score: 47.85% (97.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | dolibarr | 0, 3.5.8+dfsg1-1, 3.5.8+dfsg1-1ubuntu1 |
Exploit Intelligence
- CIRCL seen: CVE-2012-10059 (circl-sighting)
- https://www.dolibarr.org/ (circl)
- https://www.vulncheck.com/advisories/dolibarr-erp-crm-post-auth-os-command-injection (circl)
- https://www.exploit-db.com/exploits/18725 (cve.org)
- https://www.exploit-db.com/exploits/18724 (cve.org)
- https://seclists.org/fulldisclosure/2012/Apr/78 (cve.org)
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dolibarr_cmd_exec.rb (canonical)
Timeline
- May 29, 2018 PoC Published
- Aug 13, 2025 CVE Published
- Aug 13, 2025 CVE Updated
- Aug 13, 2025 PoC Published
- Aug 14, 2025 EPSS Score
- Aug 22, 2025 EPSS Score
- Aug 31, 2025 EPSS Score
- Sep 16, 2025 EPSS Score
- Sep 25, 2025 EPSS Score
- Oct 3, 2025 EPSS Score
- Oct 8, 2025 EPSS Score
- Oct 11, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2012-10059 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2012-10059 third-party-advisory
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dolibarr_cmd_exec.rb third-party-advisory
- https://seclists.org/fulldisclosure/2012/Apr/78 third-party-advisory
- https://www.dolibarr.org/ third-party-advisory
- https://www.exploit-db.com/exploits/18724 third-party-advisory
- https://www.exploit-db.com/exploits/18725 third-party-advisory
- https://www.vulncheck.com/advisories/dolibarr-erp-crm-post-auth-os-command-injection third-party-advisory