CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.

Date published : 2020-08-21

https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog

https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-011