Launchpad.net

CVE 2020-12669

core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.

See the CVE page on Mitre.org for more details.