CVE-2020-7995

CRITICAL

Dolibarr 10.0.6 - Unauthenticated Login Brute-Force via Unrestricted Authentication Attempts

Title source: llm

The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.

Core 3

Core References

Broken Link x_refsource_misc

Broken Link x_refsource_misc

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

CVSS v3 9.8

EPSS 0.0454

EPSS Percentile 90.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-307

Status published

Products (2)

dolibarr/dolibarr Packagist

dolibarr/dolibarr_erp\/crm 10.0.6

Published Jan 26, 2020

Tracked Since Feb 18, 2026