Dolibarr is vulnerable to arbitrary file upload. A user with read access privilege to the storage of files is able to perform unrestricted uploading of files once edited from “disabled” to “enabled” in the HTML response code in societe/document.php
.