Improper Access Control Affecting dolibarr/dolibarr package, versions <14.0.0
Threat Intelligence
EPSS
0.1% (44th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-DOLIBARRDOLIBARR-1566575
- published 18 Aug 2021
- disclosed 17 Aug 2021
- credit Ahsan Aziz
Introduced: 17 Aug 2021
CVE-2021-25956 Open this link in a new tabHow to fix?
Upgrade dolibarr/dolibarr
to version 14.0.0 or higher.
Overview
dolibarr/dolibarr is a modern and easy to use web software to manage your business.
Affected versions of this package are vulnerable to Improper Access Control. Existing Login
names are not validated. An admin level user can rename an account name to that of another existing account name (the victim account), causing complete account takeover and the overwriting of the victim password.
References
CVSS Scores
version 3.1