Description
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
Remediation
References
Related Vulnerabilities
WordPress Plugin Kama Click Counter Cross-Site Scripting (3.4.9)
WordPress Plugin WP Support Plus Responsive Ticket System SQL Injection (7.1.4)
MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-6662)
WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.1.5)
WordPress 5.7.x Multiple Prototype Pollution Vulnerabilities (5.7 - 5.7.5)