Description
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
Remediation
References