Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr


Reported on

Jul 21st 2021

✍️ Description

CSRF bug to remove linked file

🕵️‍♂️ Proof of Concept

bellow request is vulnerable to csrf attack when removing linked file.

💥 Impact

csrf attack

We have contacted a member of the dolibarr team and are waiting to hear back 2 years ago
ranjit-git modified the report
2 years ago
Laurent Destailleur marked this as fixed with commit c3e885 2 years ago
Laurent Destailleur has been awarded the fix bounty
This vulnerability will not receive a CVE
card.php#L70-L150 has been validated
to join this conversation