CVE-2019-17577

Name of the Vulnerable Software and Affected Versions Dolibarr version 10.0.2

Description The issue is related to a security problem where an attacker can inject malicious code. This is possible through the 'outgoing email setup' feature, specifically in the admin/mails.php?action=edit URI, by manipulating the 'Email used for error returns emails (fields 'Errors-To' in emails sent)' field.

Recommendations For Dolibarr version 10.0.2, as a temporary workaround, consider restricting access to the 'outgoing email setup' feature in the admin/mails.php?action=edit URI until a patch is available. Avoid using the 'Email used for error returns emails' field in the affected setup until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.