Description

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.

Remediation

References

CVE-2020-11825

Related Vulnerabilities

WordPress Plugin WP Mobile Menu-The Mobile-Friendly Responsive Menu Security Bypass (2.7.2)

Apache HTTP Server Other Vulnerability (CVE-1999-1199)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4382)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-6611)

MediaWiki Other Vulnerability (CVE-2005-1888)

Severity

High

Classification

CVE-2020-11825 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities