VYPR
High severity8.0NVD Advisory· Published Aug 14, 2019· Updated Jun 17, 2026

CVE-2019-15062

CVE-2019-15062

Description

An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
dolibarr/dolibarrPackagist
>= 10.0, < 10.0.210.0.2

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.