Description
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
Remediation
References
Related Vulnerabilities
WordPress Plugin Imagements Arbitrary File Upload (1.2.5)
WordPress Plugin SlickQuiz Multiple Vulnerabilities (1.3.7.1)
WordPress Plugin OptionTree PHP Object Injection (2.6.0)
Jboss EAP Improper Handling of Exceptional Conditions Vulnerability (CVE-2018-8039)
Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2065)