In the Dolibarr application, versions 2.8.1 through 13.0.2 are vulnerable to account takeover via the password reset functionality. A low-privileged attacker can reset the password of any user in the application by using the password reset link that a user receives by email after requesting a forgotten-password reset.
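The bug class behind this advisory is a reset-confirmation step that accepts a valid reset token without tying the password change to the account the token was issued for. The following is an added illustration, not Dolibarr's code and not the project's actual root cause: the in-memory `UserStore`, the `issue_reset` / `consume_reset_weak` / `consume_reset` helpers and the sample accounts are all assumptions constructed for this example. It contrasts a weak handler that trusts a request-supplied username with a hardened one that derives the account from the token record, enforces expiry, and makes the token single use.

```python
"""Added illustration of a password-reset account-takeover pattern and its fix.

Not Dolibarr code: the store, helper names and the weak/strong handlers are
assumptions made for this example, chosen to show the generic bug class
(reset confirmation that trusts request-supplied identity instead of the
identity bound to the token).
"""
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 900  # assumed lifetime of a reset link


class UserStore:
    """Constructed in-memory user and reset-token store (example data only)."""

    def __init__(self):
        self.passwords = {"admin": "old-admin-pw", "attacker": "old-attacker-pw"}
        # sha256(token) -> {"user": ..., "expires": ...}; only a hash is stored,
        # so a database read does not yield usable reset links
        self.resets = {}


def issue_reset(store, username, now=None):
    """Generate a random single-use reset token and bind it to `username`."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    store.resets[digest] = {"user": username, "expires": now + RESET_TTL_SECONDS}
    return token  # this is what goes into the e-mailed link


def _lookup(store, token, now):
    """Return (digest, record) for a known, unexpired token, else None."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    for stored_digest, record in store.resets.items():
        # constant-time comparison so timing does not leak stored digests
        if hmac.compare_digest(stored_digest, digest):
            if record["expires"] < now:
                return None
            return stored_digest, record
    return None


def consume_reset_weak(store, username, token, new_password, now=None):
    """VULNERABLE pattern: the handler checks that *a* valid token exists, then
    changes the password of whatever account the request names. A user who can
    obtain a reset link for their own account can therefore reset anyone's."""
    now = time.time() if now is None else now
    if _lookup(store, token, now) is None:
        return False
    store.passwords[username] = new_password  # username never tied to the token
    return True


def consume_reset(store, token, new_password, now=None):
    """Hardened pattern: the account comes from the token record (no username
    in the request), expiry is enforced, and the token is invalidated before
    the change so it cannot be replayed. Returns the username reset, or None."""
    now = time.time() if now is None else now
    found = _lookup(store, token, now)
    if found is None:
        return None
    digest, record = found
    del store.resets[digest]  # single use
    store.passwords[record["user"]] = new_password
    return record["user"]


def demo():
    """Attacker holds only a reset link for 'attacker' and targets 'admin'."""
    weak_store = UserStore()
    token = issue_reset(weak_store, "attacker", now=1000.0)
    weak_takeover = consume_reset_weak(weak_store, "admin", token, "pwned", now=1001.0)

    hard_store = UserStore()
    token2 = issue_reset(hard_store, "attacker", now=1000.0)
    who = consume_reset(hard_store, token2, "mine", now=1001.0)      # only 'attacker'
    replay = consume_reset(hard_store, token2, "again", now=1002.0)  # rejected
    return (weak_takeover, weak_store.passwords["admin"],
            who, hard_store.passwords["admin"], replay)


if __name__ == "__main__":
    print(demo())
```

The design point is that the hardened handler has no `username` parameter at all: the only identity it acts on is the one recorded when the token was issued, so there is nothing for an attacker to swap in the link.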
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| dolibarr/dolibarr (Packagist) | 0 | 14.0.0 | N/A |
CVSS Metrics