Security Advisory

CVE-2021-25954

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-09 16:58:31
Last updated 2024-09-17 00:31:24
Assigner Mend
State PUBLISHED

Description

In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint.