An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
References
| Link | Resource |
|---|---|
| https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7 | Patch |
| https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e | Patch |
| https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471 | Mitigation Vendor Advisory |
| https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1 | Mitigation Vendor Advisory |
| https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/ | Exploit Third Party Advisory |
| https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7 | Patch |
| https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e | Patch |
| https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471 | Mitigation Vendor Advisory |
| https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1 | Mitigation Vendor Advisory |
| https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/ | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2023-06-13 15:15
Updated : 2024-11-21 08:05
NVD link : CVE-2023-33568
Mitre link : CVE-2023-33568
CVE.ORG link : CVE-2023-33568
JSON object : View
Products Affected
dolibarr
- dolibarr_erp\/crm
CWE
CWE-552
Files or Directories Accessible to External Parties