Vulnerability: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities

Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.

Impact

Successful exploitation of these vulnerabilities could allow an attacker to read arbitrary files from the server, potentially leading to unauthorized access or sensitive information disclosure.

Severity

high

Verified

Unknown