Dolibarr is vulnerable to cross-site request forgery (CSRF). An iframe element containing a user/card.php CSRF request can be placed in the Linked Files settings page; when an admin visits that page, the request results in an admin account takeover.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | dolibarr/dolibarr | le | 10.0.1 |
| | dolibarr/dolibarr | le | 9.0.4 |