logo

Database

Cross-site request forgery In dolibarr/dolibarr

Description

Dolibarr Cross Site Request Forgery (CSRF) Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2019-10100542. NVD-2019-10100543. OSV-2019-10100544. GCVE-2019-1010054

References

1. https://github.com/lucasgcilento/CVE/blob/master/Dolibarr_CSRF2. https://github.com/chaizeg/CSRF-breach

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.