core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.
References
Link | Resource |
---|---|
https://github.com/Dolibarr/dolibarr/commit/c1b530f58f6f01081ddbeaa2092ef308c3ec2727 | Patch Third Party Advisory |
https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/11.0.4/ | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-06T18:30:41
Updated: 2020-05-06T18:30:41
Reserved: 2020-05-05T00:00:00
Link: CVE-2020-12669
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-05-06T19:15:12.707
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-12669
JSON object: View
Redhat Information
No data.
CWE