7.5

CVE-2023-33568

Exploit
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DolibarrDolibarr Erp/crm Version >= 16.0.0 < 16.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.94% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7
Patch
https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e
Patch
https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471
Vendor Advisory
Mitigation
https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1
Vendor Advisory
Mitigation
https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/
Third Party Advisory
Exploit