Vulnerability Details CVE-2020-7995
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/163541/Dolibarr-ERP-CRM-10.0.6-Login-Brute-Forcer.html
- https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md
- https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html
- http://packetstormsecurity.com/files/163541/Dolibarr-ERP-CRM-10.0.6-Login-Brute-Forcer.html
- https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md
- https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html
Products affected by CVE-2020-7995
-
cpe:2.3:a:dolibarr:dolibarr_erp/crm:10.0.6