CVE-2021-25956 (dolibarr)

CVE-2021-25956 (dolibarr)

In “Dolibarr� application, v3.3.beta1_20121221 to v13.0.2 have “Modify� access for admin level users to change other user’s details but fails to validate already existing “Login� name, while renaming the user “Login�. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name.Read More