Description
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
Remediation
References
Related Vulnerabilities
WordPress Plugin ABASE Multiple Vulnerabilities (2.6)
WordPress Plugin Google SEO Pressor for Rich snippets Cross-Site Scripting (1.2.6)
Apache Tomcat Other Vulnerability (CVE-2005-2090)
Joomla Incorrect Authorization Vulnerability (CVE-2021-26027)
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21019)