Dolibarr · Dolibarr Cms · CVE-2020-14201
**Name of the Vulnerable Software and Affected Versions**
Dolibarr CRM versions prior to 11.0.5
**Description**
The issue allows remote authenticated attackers to perform privilege escalation, enabling them to upload arbitrary files. This is achieved by modifying the "disabled" parameter to "enabled" in the HTML source code of the societe/document.php page.
**Recommendations**
For versions prior to 11.0.5, update to version 11.0.5 or later to resolve the issue.