PT-2022-13406 · Dolibarr · Dolibarr

Hunterb812

Published

2022-02-25

Updated

2025-04-03

CVE-2022-0746

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions dolibarr/dolibarr versions prior to 16.0

Description The issue concerns business logic errors in the dolibarr/dolibarr GitHub repository. Specifically, it allows low-privileged users to update their login name, a functionality that should be restricted to administrators.

Recommendations For versions prior to 16.0, update to version 16.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability of low-privileged users to update their login names until the update can be applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-840

Related Identifiers

BIT-DOLIBARR-2022-0746

CVE-2022-0746

GHSA-8VQ6-5F66-HP3R

Affected Products

Dolibarr

PT-2022-13406 · Dolibarr · Dolibarr

CVE-2022-0746

Weakness Enumeration

Related Identifiers

Affected Products

References · 13