CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-7995

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1890%
EPSS Percentile13.63th
Published2020年1月26日
Last Modified2024年11月21日

Vulnerability Description

The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.

Affected Platforms (CPE)

📦
Dolibarr

Dolibarr Erp\/crm

= 10.0.6

References & Advisories

🔗 http://packetstormsecurity.com/files/163541/Dolibarr-ERP-CRM-10.0.6-Login-Brute-Forcer.html
🔗 https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md
🔗 https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html
🔗 http://packetstormsecurity.com/files/163541/Dolibarr-ERP-CRM-10.0.6-Login-Brute-Forcer.html
🔗 https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md
🔗 https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html

相关漏洞威胁

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2021-259559.0

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privile...

CVE-2019-257108.2

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows a...

CVE-2021-336186.1

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of...