In “Dolibarr� application, v3.3.beta1_20121221 to v13.0.2 have “Modify� access for admin level users to change other user’s details but fails to validate already existing “Login� name, while renaming the user “Login�. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name.

Source: CVE-2021-25956

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.