Description

An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service.

Remediation

References

CVE-2021-37517

Related Vulnerabilities

WordPress Plugin Website FAQ 'website-faq-widget.php' SQL Injection (1.0)

Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-28615)

WordPress Plugin WordPress Gallery MaxGalleria Unspecified Vulnerability (6.0.8)

Joomla Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-15697)

WordPress Plugin ShopLentor-WooCommerce Builder for Elementor & Gutenberg +10 Modules-All in One Solution (formerly WooLentor) Multiple Vulnerabilities (2.5.3)

Severity

High

Classification

CVE-2021-37517 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities