CVE

CVE-2021-25956

admin

CVE-2021-25956

In “Dolibarr� application, v3.3.beta1_20121221 to v13.0.2 have “Modify� access for admin level users to change other user’s details but fails to validate already existing “Login� name, while renaming the user “Login�. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name.

Source: CVE-2021-25956

Exit mobile version