In Dolibarr
application, v3.3.beta1_20121221 to v13.0.2 have Modify
access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user Login
. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name.