Description
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
Remediation
References
Related Vulnerabilities
WordPress Plugin Video Conferencing with Zoom Information Disclosure (3.8.16)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14820)
WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)
WordPress Plugin Integration for Contact Form 7 and Salesforce Cross-Site Scripting (1.2.4)