Public Security Advisory: CVE-2024-31503

CVSS Score

  • Base Score: 7.5
  • Vector: CVSS:3.1/AV:N/PR:H/S:C/I:H/AC:H/UI:R/C:H/A:L

Affected Product

The issue was found in Dolibarr ERP/CRM.

Affected Version

  • Dolibarr ERP/CRM up to 19.0.0
  • Fixed in version 19.0.1

CVE ID

CVE-2024-31503

Description

Incorrect access control in Dolibarr ERP CRM up to v19.0.0 allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.

Impact

An attacker could exploit this vulnerability to hijack an administrator's session and take over the web application.

Vulnerability Type

CWE-284: Improper Access Control

Researchers