CVE-2024-31503 Information

Description

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before allows authenticated attackers to steal victim users’ session cookies and CSRF protection tokens via user interaction with a crafted web page leading to account takeover.

Reference

https://github.com/alexbsec/CVEs/blob/master/2024/CVE-2024-31503.md