Hello,
This needs to be linked with that : Dolibarr security : Without install.lock file, Dolibarr is vunerable
Basically, attacker create a new admin user with the installation script, and then create some menu entries.
So you also need to check llx_user, you must probably have a user that you do not create.
