Description
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section can still access specific reception details by requesting the URL directly, bypassing the intended permission restrictions.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1734)
WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Arbitrary File Upload (3.4.3)
MySQL CVE-2019-2960 Vulnerability (CVE-2019-2960)
PostgreSQL Improper Certificate Validation Vulnerability (CVE-2021-43767)
WordPress Plugin WP Cost Estimation & Payment Forms Builder Multiple Vulnerabilities (9.642)