Description
In Dolibarr 10.0.6, forms are protected against CSRF attacks with a CSRF token. The problem is that a CSRF token from any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
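The missing check can be modelled in a few lines. This is an added example, not Dolibarr's code: the `TokenStore` class, its method names and the session ids are hypothetical, and the unbound validator is an assumed model of the behaviour described above, shown beside a validator that binds each token to the session it was issued for.

```python
import hmac
import secrets


class TokenStore:
    """Toy server-side state (hypothetical): session id -> CSRF token."""

    def __init__(self):
        self._by_session = {}

    def issue(self, session_id):
        token = secrets.token_hex(32)
        self._by_session[session_id] = token
        return token

    def end_session(self, session_id):
        # Logging out must also retire the token tied to that session.
        self._by_session.pop(session_id, None)

    def validate_unbound(self, session_id, submitted):
        # Assumed model of the flaw: the token only has to be one the
        # application issued to somebody; session_id is never consulted.
        if not isinstance(submitted, str):
            return False
        return any(hmac.compare_digest(t.encode(), submitted.encode())
                   for t in self._by_session.values())

    def validate_bound(self, session_id, submitted):
        # Session-bound check: compare only against the token issued to the
        # session making the request, in constant time.
        expected = self._by_session.get(session_id)
        if expected is None or not isinstance(submitted, str):
            return False
        return hmac.compare_digest(expected.encode(), submitted.encode())


def demo():
    # Constructed sample sessions; the ids are placeholders.
    store = TokenStore()
    token_a = store.issue("sess-a")
    store.issue("sess-b")
    result = {
        # Token issued to session A arrives on a request in session B.
        "unbound_cross_session": store.validate_unbound("sess-b", token_a),
        "bound_cross_session": store.validate_bound("sess-b", token_a),
        "bound_own_session": store.validate_bound("sess-a", token_a),
    }
    store.end_session("sess-a")
    result["bound_after_logout"] = store.validate_bound("sess-a", token_a)
    return result


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

A regression test for this class of bug asserts exactly the second row: a token that is valid in one session must be rejected when presented in another.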
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)
WordPress Plugin The Events Calendar Countdown Addon Security Bypass (1.3.1)
Jenkins Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2017-2612)
WordPress Plugin Ultimate Gift Cards For WooCommerce Cross-Site Request Forgery (2.1.1)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5489)