CVE-2012-10059

Critical CVSS 9.4

Overview

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server.

CWE: CWE-78 Published: 2025-08-13T21:15:30.453

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.4 (CRITICAL)
Detected tags: command_injection, rce (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags