Dolibarr · Dolibarr · CVE-2020-35136
**Name of the Vulnerable Software and Affected Versions**
Dolibarr version 12.0.3
**Description**
The issue allows for authenticated Remote Code Execution. An attacker with access to the admin dashboard can exploit the backup function by inserting a payload into the `zipfilename_template` parameter in the `admin/tools/dolibarr_export.php` endpoint.
**Recommendations**
For Dolibarr version 12.0.3, consider disabling access to the `admin/tools/dolibarr_export.php` endpoint or restricting the `zipfilename_template` parameter to prevent exploitation until a patch is available.
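
One way to restrict the `zipfilename_template` parameter is an allow-list check applied before the value reaches the backup code. This is an added example, not Dolibarr's own code: the function names, the accepted character set, the 128-character limit and the point where the guard is called are all assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not Dolibarr code: allow-list check for a user-supplied
 * backup file name such as the zipfilename_template request parameter.
 * The character set and length limit below are assumptions.
 */
function is_safe_backup_filename(string $name): bool
{
    // Reject empty and oversized values.
    if ($name === '' || strlen($name) > 128) {
        return false;
    }
    // First character must be a letter or digit (no leading '-' or '.');
    // the rest may add dot, underscore and hyphen. Whitespace, quotes, path
    // separators and characters with special meaning to a shell are excluded.
    // \A and \z anchor the whole string; '$' would accept a trailing newline.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $name) !== 1) {
        return false;
    }
    // Reject parent-directory sequences even though '/' is already excluded.
    return strpos($name, '..') === false;
}

/**
 * Hypothetical guard: call with the request parameters (e.g. $_POST) before
 * any backup logic runs. Stops the request with HTTP 400 on a bad value.
 */
function reject_unsafe_backup_filename(array $request): void
{
    if (!array_key_exists('zipfilename_template', $request)) {
        return; // parameter not supplied, nothing to validate
    }
    $value = $request['zipfilename_template'];
    if (!is_string($value) || !is_safe_backup_filename($value)) {
        // Log a hex-encoded prefix so the log line itself cannot be forged.
        $shown = is_string($value) ? bin2hex(substr($value, 0, 64)) : gettype($value);
        error_log('Rejected zipfilename_template value (hex): ' . $shown);
        http_response_code(400);
        exit('Invalid backup file name');
    }
}

// Constructed sample values showing what the check accepts and rejects.
foreach (['documents_2020.zip', 'my backup.zip', '../docs.zip', '-docs.zip'] as $sample) {
    printf("%-20s %s\n", $sample, is_safe_backup_filename($sample) ? 'accepted' : 'rejected');
}
```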