CVE-2019-15062
Last modified
CVE-2019-15062 is a vulnerability of currently unknown severity. An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. EPSS estimates a 0.61% chance of exploitation in the next 30 days.
Description
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Dolibarr | Dolibarr Erp\/Crm | 11.0.0 | Alpha |
References
- https://gauravnarwani.com/publications/CVE-2019-15062/Exploit, Third Party Advisory
- https://github.com/Dolibarr/dolibarr/issues/11671Exploit, Issue Tracking, Patch, Third Party Advisory
- https://gauravnarwani.com/publications/CVE-2019-15062/Exploit, Third Party Advisory
- https://github.com/Dolibarr/dolibarr/issues/11671Exploit, Issue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-15062?
How severe is CVE-2019-15062?
How do I fix CVE-2019-15062?
Are you affected by CVE-2019-15062?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST