Description
Dolibarr versions v2.8.1 through v13.0.2 are vulnerable to account takeover via the password reset functionality. A low-privileged attacker can reset the password of any user in the application by using the password reset link that the user received by email after requesting a reset for a forgotten password.
Remediation
References