VDB
CVE-2021-25956
CVE-2021-25956
PUBLISHED
In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name.
EPSS 0.37% · 59.3th percentile
Risk Scores
EPSS Score
0.37%
59.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | dolibarr | 3.5.5+dfsg1-2, 3.5.7+dfsg1-1, 3.5.8+dfsg1-1 |
Exploit Intelligence
Timeline
- Aug 17, 2021 CVE Published
- Aug 18, 2021 EPSS Score
- Oct 15, 2021 EPSS Score
- Dec 13, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 9, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 9, 2022 EPSS Score
- Jun 6, 2022 EPSS Score
- Aug 1, 2022 CVE Updated
- Oct 2, 2022 EPSS Score
- Nov 30, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-25956 third-party-advisory
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25956 third-party-advisory
- https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-25956 third-party-advisory