CVE-2021-25954

Summary

In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint.

Affected Software

VendorProductVersion RangeStatus
Dolibarrdolibarr2.8.1 < unspecifiedaffected
Dolibarrdolibarrunspecified <= 13.0.4affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References