Description
An Access Control vulnerability exists in the forgot-password function of Dolibarr ERP/CRM 13.0.2 because the application allows email addresses as usernames, which can cause a Denial of Service. The fixed version is 14.0.0.
Remediation
References