Description
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
Remediation
References