VYPR
Moderate severityNVD Advisory· Published Aug 9, 2021· Updated Sep 17, 2024

Improper Access Control in “Dolibarr”

CVE-2021-25954

Description

In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
dolibarr/dolibarrPackagist
>= 2.8.1, < 14.0.014.0.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.