2 matches found
InvenTree Deploys a Weak Password Change Mechanism
Description When setting a new user password, InvenTree does not require knowledge of the original password or using another form of authentication. Proof of Concept 1. Log in as a regular user 2. Go to the account settings link 3. Select Set Password 4. Enter any 8-character password string this...
Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses Vulnerabilities
Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. Dolibarr ERP & CRM - Multiple Issues Affected Versions ================= Dolibarr 4.0.4 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Si...