vulnerability

Ubuntu: (CVE-2019-15062): dolibarr vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:S/C:P/I:P/A:P)	Aug 14, 2019	Jun 26, 2025	Jun 26, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:P)

Published

Aug 14, 2019

Added

Jun 26, 2025

Modified

Jun 26, 2025

Description

An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)

Solution

no-fix-ubuntu-package

References

CVE-2019-15062
https://attackerkb.com/topics/CVE-2019-15062
URL-https://gauravnarwani.com/publications/CVE-2019-15062/
URL-https://github.com/Dolibarr/dolibarr/issues/11671
URL-https://www.cve.org/CVERecord?id=CVE-2019-15062

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today