Description

Dolibarr is a web based ERP and CRM open source software

Acunetix determined that it was possible to access the Dolibarr contacts database without authentication

Remediation

Update to the latest patched version of Dolibarr

References

Dolibarr : unauthenticated contacts database theft

Dolibarr 16.0 - Security breach

Related Vulnerabilities

Oracle JRE CVE-2013-2384 Vulnerability (CVE-2013-2384)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9517)

Oracle Database Server CVE-2011-0793 Vulnerability (CVE-2011-0793)

XWiki Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-23619)

IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7440)

Severity

High

Classification

CVE-2023-33568 CWE-552 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Known Vulnerabilities