Description
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
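The weakness described above, shown as an added sketch that is not Dolibarr's code: a password-change handler that trusts the open session alone, next to one that requires the current password first. The account record layout, function names and PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch


def _derive(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def new_account(password: str) -> dict:
    """Build a constructed account record (hypothetical storage format)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt)}


def verify(account: dict, password: str) -> bool:
    """Constant-time check of a candidate password against the stored hash."""
    return hmac.compare_digest(_derive(password, account["salt"]), account["hash"])


def change_password_weak(account: dict, new_password: str) -> bool:
    """Pattern from the description: an authenticated session is sufficient,
    so anyone at an unattended workstation can set a new password."""
    account["salt"] = os.urandom(16)
    account["hash"] = _derive(new_password, account["salt"])
    return True


def change_password_hardened(account: dict, current_password: str,
                             new_password: str) -> bool:
    """Require proof of the current password before accepting a new one."""
    if not verify(account, current_password):
        return False  # session access alone does not authorise the change
    account["salt"] = os.urandom(16)
    account["hash"] = _derive(new_password, account["salt"])
    return True


if __name__ == "__main__":
    acct = new_account("old-pass")  # constructed sample credentials
    print("wrong current password accepted:",
          change_password_hardened(acct, "guess", "attacker-pass"))
    print("correct current password accepted:",
          change_password_hardened(acct, "old-pass", "new-pass"))
```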
Remediation
References