
Multiple RCEs via CSRF in Dolibarr

Advisory ID: HTB23302
Product: Dolibarr
Vendor: https://www.dolibarr.org/
Vulnerable Versions: 3.9.2 and probably prior
Tested Version: 3.9.2
Advisory Publication: June 10, 2016 [without technical details]
Vendor Notification: June 10, 2016
Public Disclosure: April 25, 2018
Latest Update: October 2, 2016
Vulnerability Type: Cross-Site Request Forgery [CWE-352]
CVE Reference: Pending
Risk Level: High
CVSSv3 Base Score: To be disclosed on April 25, 2018
Discovered and Provided: High-Tech Bridge Security Research Lab

Advisory Details:

To be disclosed on April 25, 2018 [Disclosure Policy]


Solution:
Vendor notified, awaiting vendor solution.

