CVE-2019-1010054

Name of the Vulnerable Software and Affected Versions: Dolibarr version 7.0.0

Description: The issue allows malicious HTML to change user passwords, disable users, and disable password encryption. It is related to the function that handles user password changes, user disablement, and password encryption. The attack vector involves admin access to malicious URLs.

Recommendations: For Dolibarr version 7.0.0, consider disabling the user password change, user disable, and password encryption functions until a fix is available. Restrict access to admin URLs to minimize the risk of exploitation.