CVE-2020-11825
HIGHDolibarr 10.0.6 - Cross-Site Request Forgery via Shared CSRF Token
Title source: llmDescription
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://fatihhcelik.blogspot.com/2020/04/dolibarr-csrf.html
Scores
CVSS v3
8.8
EPSS
0.0099
EPSS Percentile
58.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (2)
dolibarr/dolibarr
0Packagist
dolibarr/dolibarr_erp\/crm
10.0.6
Published
Apr 16, 2020
Tracked Since
Feb 18, 2026