CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt