The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/163541/Dolibarr-ERP-CRM-10.0.6-Login-Brute-Forcer.html | Exploit Third Party Advisory VDB Entry |
https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md | Broken Link |
https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html | Broken Link |
Configurations
History
17 Nov 2022, 17:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:dolibarr:dolibarr_erp\/crm:10.0.6:*:*:*:*:*:*:* | |
First Time |
Dolibarr dolibarr Erp\/crm
|
26 Apr 2022, 17:03
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-307 | |
References |
|
|
References | (MISC) https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md - Broken Link | |
References | (MISC) https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html - Broken Link |
Information
Published : 2020-01-26 23:15
Updated : 2023-12-10 13:13
NVD link : CVE-2020-7995
Mitre link : CVE-2020-7995
CVE.ORG link : CVE-2020-7995
JSON object : View
Products Affected
dolibarr
- dolibarr_erp\/crm
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts