Description

Dolibarr is a web based ERP and CRM open source software

Acunetix determined that it was possible to access the Dolibarr contacts database without authentication

Remediation

Update to the latest patched version of Dolibarr

References

Dolibarr : unauthenticated contacts database theft

Dolibarr 16.0 - Security breach

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-1999-1376)

MediaWiki CVE-2022-34912 Vulnerability (CVE-2022-34912)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5105)

PostgreSQL CVE-2023-5870 Vulnerability (CVE-2023-5870)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4298)

Severity

High

Classification

CVE-2023-33568 CWE-552 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Known Vulnerabilities