Description

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.

Remediation

References

CVE-2020-11825

Related Vulnerabilities

WordPress Plugin Acumbamail Information Disclosure (1.0.4)

WordPress Plugin VaultPress Remote Code Execution (1.9.0)

Phusion Passenger Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2013-4136)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Open Redirect (2.0.33)

MySQL CVE-2019-2997 Vulnerability (CVE-2019-2997)

Severity

High

Classification

CVE-2020-11825 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities