CVE-2020-11825

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.

Published: Apr 16, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-11825
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
dolibarr / dolibarr_erp/crm	10.0.6	10.0.6.x

https://fatihhcelik.blogspot.com/2020/04/dolibarr-csrf.html

Vulnerability Database

290,206

CVE-2020-11825