{"vulnerability": "cve-2021-25954", "sightings": [{"uuid": "da3681fc-9ea3-45e6-b760-4109280d0982", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-25954", "type": "seen", "source": "https://t.me/cibsecurity/27019", "content": "\u203c CVE-2021-25954 \u203c\n\nIn \u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u201cDolibarr\u00c3\u00a2\u00e2\u201a\u00ac? application, 2.8.1 to 13.0.4 don\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at \u00c3\u00a2\u00e2\u201a\u00ac\u00c5\u201c/adherents/note.php?id=1\u00c3\u00a2\u00e2\u201a\u00ac? endpoint.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-09T20:37:09.000000Z"}]}