CVE-2018-10092
PUBLISHED
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
EPSS 0.43% · 62.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | dolibarr | 0, 3.5.5+dfsg1-2, 3.5.7+dfsg1-1 |
Exploit Intelligence
- http://www.openwall.com/lists/oss-security/2018/05/21/2 (nist-nvd)
- https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability/ (nist-nvd)
- https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39 (circl)
- https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog (circl)
Timeline
- May 22, 2018 CVE Published
- Oct 3, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-10092 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-10092 third-party-advisory