logo

Database

Cross-site request forgery In dolibarr/dolibarr

Description

Dolibarr Cross-Site Request Forgery Vulnerability In Dolibarr 10.0.6, forms are protected with a Cross-Site Request Forgery (CSRF) token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-118252. NVD-2020-118253. OSV-2020-118254. GCVE-2020-11825

References

1. https://fatihhcelik.blogspot.com/2020/04/dolibarr-csrf.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-RZH0V – Vulnerability | Fluid Attacks Database