Description
In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint.
Remediation
References
Related Vulnerabilities
WordPress Plugin RokStories Multiple Vulnerabilities (1.25)
Oracle JRE CVE-2013-5782 Vulnerability (CVE-2013-5782)
MySQL CVE-2020-14838 Vulnerability (CVE-2020-14838)
TYPO3 Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-21339)
Joomla Improper Input Validation Vulnerability (CVE-2013-5576)