Description

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authentication OS command injection vulnerability in the database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands and achieve remote code execution on the server.

INFO

Published Date: 2025-08-13T20:33:50.619Z
Last Modified: 2026-04-07T14:02:51.942Z
Source: VulnCheck

AFFECTED PRODUCTS

The following products are affected by the CVE-2012-10059 vulnerability.

Vendor: Dolibarr
Products:
  • Dolibarr
  • Dolibarr Erp/crm
