Description

core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.

Remediation

References

CVE-2020-12669

Related Vulnerabilities

phpList CVE-2023-27576 Vulnerability (CVE-2023-27576)

Oracle Database Server Other Vulnerability (CVE-2001-1041)

WordPress Plugin Generate PDF using Contact Form 7 Cross-Site Scripting (3.5)

Java Unspesificed Vulnerability (CVE-2019-2786)

WordPress Plugin WooCommerce Customers Manager Privilege Escalation (26.4)

Severity

High

Classification

CVE-2020-12669 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities