PT-2020-2779 · Dolibarr · Dolibarr

Published: 2020-05-06 · Updated: 2022-05-24 · CVE-2020-12669

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to 11.0.4

Description: The issue is located in the core/get_menu_div.php component of Dolibarr, which lacks proper input validation. A remote authenticated attacker can bypass intended access restrictions by supplying a non-alphanumeric menu parameter, potentially gaining unauthorized access to protected information.

Recommendations: For versions prior to 11.0.4, update to version 11.0.4 or later to resolve the issue. As a temporary workaround, restrict access to the core/get_menu_div.php component until the update is applied, and avoid non-alphanumeric characters in the menu parameter to reduce the risk of exploitation.
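The description above comes down to a request parameter being used without an allowlist check. The following PHP sketch is an added illustration, not Dolibarr's own code or its 11.0.4 patch: the function names (validateMenuParam, handleMenuRequest) and the sample inputs are hypothetical, and it shows the strict alphanumeric check the advisory implies, with a request rejected outright when the value fails it.

```php
<?php
// Added illustration, not Dolibarr's own code: an allowlist check for a
// request parameter such as the "menu" value described in the advisory.
// Function names and sample inputs are hypothetical.

/**
 * Return the validated menu identifier, or null when the value contains
 * anything other than ASCII letters and digits.
 */
function validateMenuParam(?string $value): ?string
{
    if ($value === null || $value === '') {
        return null;
    }
    // ctype_alnum() is a strict allowlist: any byte outside [A-Za-z0-9]
    // (slashes, dots, quotes, NUL bytes, spaces, underscores, ...) fails.
    if (!ctype_alnum($value)) {
        return null;
    }
    return $value;
}

/**
 * Handler sketch: fail closed with a 400 instead of falling through to the
 * menu-loading logic with an unvalidated value.
 */
function handleMenuRequest(array $query): string
{
    $menu = validateMenuParam($query['menu'] ?? null);
    if ($menu === null) {
        http_response_code(400);
        return 'Bad Request: invalid menu parameter';
    }
    // ... look $menu up in a fixed set of known menu names and render it ...
    return 'menu=' . $menu;
}

// Constructed sample inputs for a local run; only the first one is accepted.
foreach (['mainmenu', 'main_menu', '../secret', 'menu;id'] as $sample) {
    printf("%-12s -> %s\n", $sample, handleMenuRequest(['menu' => $sample]));
}
```

Note that the check is deliberately stricter than a denylist of "dangerous" characters: an underscore is rejected just like a slash, which matches the advisory's wording (non-alphanumeric) and leaves no room for encoding tricks. In a real handler the surviving value should additionally be compared against the fixed set of menu names the application actually knows, and rejected requests are worth logging so that probing of this parameter shows up in monitoring.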

Tags: Fix · Incorrect Authorization · RCE


Weakness Enumeration

Related Identifiers

BDU:2020-02874
CVE-2020-12669
GHSA-RG8M-84JF-9367

Affected Products

Dolibarr