
exploitDog

bind:CVE-2021-25956

Count: 4

ubuntu

CVE-2021-25956

Published: more than 4 years ago

In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name.

CVSS3: 4.7
EPSS: 0% (Low)

nvd

CVE-2021-25956

Published: more than 4 years ago

In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name.

CVSS3: 4.7
EPSS: 0% (Low)

debian

CVE-2021-25956

Published: more than 4 years ago

In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 ha ...

CVSS3: 4.7
EPSS: 0% (Low)

github

GHSA-fjqg-w8g6-hhq8

Published: more than 4 years ago

Dolibarr vulnerable to Improper Authentication and Improper Access Control

CVSS3: 7.2
EPSS: 0% (Low)