2 matches found
CVE-2019-11201
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...
CVE-2019-11201
CVE-2019-11201 affects Dolibarr ERP/CRM 9.0.1 via the built-in website module with a WYSIWYG editor. The editor allows inclusion of dynamic code, and a setting on the same page controls this capability. When enabled, a lower-privileged user can execute code within the web server’s context, exposi...