CVE-2012-1226 Scanner
CVE-2012-1226 scanner - Directory Traversal vulnerability in Dolibarr CMS
Short Info
- Level: High
- Single Scan: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 1 month 2 days
- Scan only one: URL
- Toolbox: -
Dolibarr CMS is an open-source, web-based software used for managing small and medium-sized businesses. The software offers a range of features, including human resources management, invoicing, customer relationship management, and more. It is easily customizable and can be extended with add-on modules from the Dolistore. Dolibarr is designed to simplify management tasks for small businesses and reduce the costs associated with running a complex management system.
The CVE-2012-1226 vulnerability is a serious security flaw found in Dolibarr CMS version 3.2.0 Alpha. The vulnerability allows remote attackers to read arbitrary files and possibly execute arbitrary code through directory traversal attacks. The flaw can be triggered through two parameters: the "file" parameter in document.php and the "backtopage" parameter in the create action to comm/action/fiche.php. An attacker can exploit this vulnerability by inserting ".." (dot dot) into the file path, allowing them to access files outside of the intended directory.
When exploited, the vulnerability can lead to the exposure of sensitive data, including user credentials, intellectual property, and financial information. In some cases, an attacker can gain full control of the system and execute arbitrary code to further exploit the vulnerability. The consequences of a successful attack can be catastrophic, resulting in reputation damage, financial loss, and loss of customer trust.
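For asset owners reviewing their own web server logs, the following added example (not part of the scanner or of Dolibarr) flags requests whose "file" parameter on document.php or "backtopage" parameter on comm/action/fiche.php contains a ".." path segment, including URL-encoded forms. The log lines, IP addresses and file names are constructed, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint suffix -> parameter, as named in the CVE-2012-1226 description above.
WATCHED = {"/document.php": "file", "/comm/action/fiche.php": "backtopage"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2012:10:00:01 +0000] "GET /dolibarr/document.php?file=invoices/FA1202-0001.pdf HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2012:10:00:05 +0000] "GET /dolibarr/document.php?file=..%2F..%2Fexample.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Mar/2012:10:00:06 +0000] "GET /dolibarr/document.php?file=%252e%252e%252fexample.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Mar/2012:10:00:09 +0000] "GET /dolibarr/comm/action/fiche.php?action=create&backtopage=..%2F..%2Fexample HTTP/1.1" 200 900',
    '192.0.2.10 - - [01/Mar/2012:10:01:00 +0000] "GET /dolibarr/document.php?file=reports/summary..v2.pdf HTTP/1.1" 200 2048',
]


def has_dotdot(value, max_rounds=3):
    """True if value holds a '..' path segment, also after repeated URL decoding."""
    for _ in range(max_rounds + 1):
        if ".." in re.split(r"[/\\]", value):
            return True
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return False


def flag_line(line):
    """Return (endpoint, parameter, value) for a suspicious request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    for suffix, param in WATCHED.items():
        if url.path.endswith(suffix):
            # parse_qs already applies one round of URL decoding to each value.
            for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
                if has_dotdot(value):
                    return (suffix, param, value)
    return None


def scan(lines):
    """Return [(line_number, endpoint, parameter, value)] for flagged lines."""
    return [(n, *hit) for n, line in enumerate(lines, 1) if (hit := flag_line(line))]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in a standard access log, so this check only covers values carried in the query string.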
Thanks to the pro features of the s4e.io platform, businesses can easily and quickly learn about vulnerabilities in their digital assets, protect against them, and mitigate the risks of cyber attacks. By staying informed and taking proactive security measures, businesses can reduce their vulnerability to security flaws like CVE-2012-1226 and protect their valuable data and assets.
REFERENCES
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0168.html
- http://www.exploit-db.com/exploits/18480
- http://www.securityfocus.com/archive/1/521583
- http://www.vulnerability-lab.com/get_content.php?id=428
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73136
- https://github.com/Dolibarr/dolibarr/commit/5381986e50dd6055f2b3b63281eaacffa0449da2
- https://github.com/Dolibarr/dolibarr/commit/8f9b9987ffb42cfbe907fe31ded3001bfc1b3417