Multiple RCEs via CSRF in Dolibarr

Advisory ID: HTB23302
Vulnerable Versions: 3.9.2 and probably prior
Tested Version: 3.9.2
Advisory Publication: June 10, 2016 [without technical details]
Vendor Notification: June 10, 2016
Public Disclosure: April 25, 2018
Latest Update: October 2, 2016
Vulnerability Type: Cross-Site Request Forgery [CWE-352]
CVE Reference: Pending
Risk Level: High
CVSSv3 Base Score: To be disclosed on April 25, 2018
Discovered and Provided: High-Tech Bridge Security Research Lab

Advisory Details:

To be disclosed on April 25, 2018 [Disclosure Policy]

Vendor notified, awaiting vendor solution.
