What is CVE-2012-10059?

CVE-2012-10059 is a vulnerability in Dolibarr Project Erp/crm, classified under OS Command Injection. Published 2025-08-13.

Is CVE-2012-10059 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Dolibarr Project Erp/crm

CVE-2012-10059

Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.672 (98.6th percentile) — read the EPSS interpretation.

Affected products

Dolibarr Project Erp/crm — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
www.exploit-db.com/exploits/18725 (exploit)
www.exploit-db.com/exploits/18724 (exploit)
seclists.org/fulldisclosure/2012/Apr/78 (technical-description, exploit)
www.dolibarr.org/ (product)
www.vulncheck.com/advisories/dolibarr-erp-crm-post-auth-os-command-injection (third-party-advisory)

Frequently asked questions

What is CVE-2012-10059?: CVE-2012-10059 is a vulnerability in Dolibarr Project Erp/crm, classified under OS Command Injection. Published 2025-08-13.
Is CVE-2012-10059 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.