April 25, 2017
April 20, 2017
April 13, 2017
April 11, 2017
Multiple RCEs via CSRF in Dolibarr
|Vulnerable Versions:||3.9.2 and probably prior|
|Advisory Publication:||June 10, 2016 [without technical details]|
|Vendor Notification:||June 10, 2016|
|Public Disclosure:||May 3, 2017|
|Latest Update:||October 2, 2016|
|Vulnerability Type:||Cross-Site Request Forgery [CWE-352]|
|CVSSv3 Base Score:||To be disclosed on May 3, 2017|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
To be disclosed on May 3, 2017 [Disclosure Policy]
|Vendor notified, awaiting vendor solution.|
| High-Tech Bridge Advisory HTB23302 - https://www.htbridge.com/advisory/HTB23302 - Multiple RCE via CSRF in Dolibarr|
 Dolibarr - https://www.dolibarr.org/ - Dolibarr ERP & CRM is a modern and easy to use open-source web software package to manage your business (customers, invoices, orders, products, stocks, agenda, emailings, shipments...).
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
 ImmuniWeb® - web security platform by High-Tech Bridge for on-demand and continuous web application security, vulnerability management, monitoring and PCI DSS compliance.
 Free SSL/TLS Server test - check your SSL implementation for PCI DSS and NIST compliance. Supports all types of protocols.