logo

Database

Authentication mechanism absence or evasion In dolibarr/dolibarr

Description

Incorrect Authorization in Dolibarr core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-126692. NVD-2020-126693. OSV-2020-126694. GCVE-2020-12669

References

1. https://github.com/Dolibarr/dolibarr/commit/c1b530f58f6f01081ddbeaa2092ef308c3ec27272. https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/11.0.4

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.