Description

Dolibarr is a web based ERP and CRM open source software

Acunetix determined that it was possible to access the Dolibarr contacts database without authentication

Remediation

Update to the latest patched version of Dolibarr

References

Dolibarr : unauthenticated contacts database theft

Dolibarr 16.0 - Security breach

Related Vulnerabilities

Django URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-14574)

Jboss EAP Incorrect Authorization Vulnerability (CVE-2022-0866)

Oracle JRE CVE-2013-5803 Vulnerability (CVE-2013-5803)

SharePoint CVE-2021-41344 Vulnerability (CVE-2021-41344)

WordPress Plugin Recent Backups Arbitrary File Download (0.7)

Severity

High

Classification

CVE-2023-33568 CWE-552 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Known Vulnerabilities