PT-2012-3149 · Dolibarr · Dolibarr Cms
Benjamin Kunz Mejri
Published 2012-02-21 · Updated 2022-11-17
CVE-2012-1226
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Dolibarr CMS version 3.2.0 Alpha
Description
The issue allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the file parameter to "document.php" or the backtopage parameter in a create action to "comm/action/fiche.php".
Recommendations
For Dolibarr CMS version 3.2.0 Alpha, consider restricting access to the "document.php" and "comm/action/fiche.php" files until a patch is available. As a temporary workaround, avoid using the file and backtopage parameters in the affected API endpoints until the issue is resolved.
Exploit
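As an added illustration of the class of defect the description names (not Dolibarr's own code), the snippet below shows a "file" parameter joined to a document root unchecked, beside a resolver that refuses any value escaping that root; the document root, function names and the temporary test directory are assumptions of this example.

```php
<?php
// Added example, not Dolibarr code: the unsafe pattern the advisory describes
// beside a hardened resolver. $docRoot and the helper names are assumptions.

// Vulnerable pattern: the parameter is joined to the document root as-is,
// so a value such as "../../etc/passwd" escapes the intended directory.
function unsafe_document_path(string $docRoot, string $file): string
{
    return $docRoot . '/' . $file;
}

// Hardened resolver: canonicalise and require the result to stay inside
// the document root. Returns null (refuse to serve) on any violation.
function safe_document_path(string $docRoot, string $file): ?string
{
    // Reject null bytes, which can truncate the path in lower-level calls.
    if (strpos($file, "\0") !== false) {
        return null;
    }
    // Reject empty values, absolute paths and any ".." path segment.
    if ($file === '' || $file[0] === '/' || $file[0] === '\\'
        || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $file)) {
        return null;
    }
    $root = realpath($docRoot);
    $real = realpath($docRoot . '/' . $file);
    if ($root === false || $real === false) {
        return null; // root missing or requested file does not exist
    }
    // Compare with a trailing separator so "/data/docs2" is not accepted
    // as lying inside "/data/docs".
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $root, strlen($root)) !== 0) {
        return null; // resolved outside the root (traversal or symlink)
    }
    return $real;
}

// Demonstration on a constructed temporary directory.
$root = sys_get_temp_dir() . '/docs_' . getmypid();
mkdir($root);
file_put_contents($root . '/report.pdf', 'constructed sample');
var_dump(safe_document_path($root, 'report.pdf') !== null);   // bool(true)
var_dump(safe_document_path($root, '../../etc/passwd'));       // NULL
var_dump(safe_document_path($root, 'sub/../../report.pdf'));   // NULL
unlink($root . '/report.pdf');
rmdir($root);
```

The realpath check also catches symlinks that point outside the root, which a segment-only filter would miss.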
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Dolibarr Cms