CVE-2020-14201
CVE-2020-14201 affects Dolibarr CRM prior to 11.0.5. The issue enables privilege escalation by allowing authenticated remote attackers to upload arbitrary files through societe/document.php, where the HTML source changes disabled to enabled. Root cause is improper handling of file upload permissi...