Description

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.

Remediation

References

CVE-2020-11825

Related Vulnerabilities

Oracle Database Server CVE-2023-21949 Vulnerability (CVE-2023-21949)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.15)

WordPress Plugin Authenticator Denial of Service (1.3.0)

WordPress Plugin Welcart e-Commerce Multiple Vulnerabilities (1.8.2)

Oracle HTTP Server CVE-2013-6438 Vulnerability (CVE-2013-6438)

Severity

High

Classification

CVE-2020-11825 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities