CVE-2019-1010054Cross-Site Request Forgery in ERP CRM Dolibarr

CWE-352Cross-Site Request Forgery5 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.8%
top 26.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dolibarr ERP CRM DolibarrDolibarr ERP CRM
Timeline
PublishedJul 18
Latest updateMay 24

Description

Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5dolibarr_erp_crm/dolibarr7.0.0

🔴Vulnerability Details

4
OSV
Dolibarr Cross Site Request Forgery (CSRF)2022-05-24
GHSA
Dolibarr Cross Site Request Forgery (CSRF)2022-05-24
CVEList
CVE-2019-1010054: Dolibarr 72019-07-18
OSV
CVE-2019-1010054: Dolibarr 72019-07-18
CVE-2019-1010054 — Cross-Site Request Forgery | cvebase