2020-04-16 19:03:47
mitre
PUBLISHED
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any users session can be used in another users session. CSRF tokens should not be valid in this situation.