Description
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
Remediation
References
Related Vulnerabilities
Joomla CVE-2019-15028 Vulnerability (CVE-2019-15028)
WordPress Plugin Monarch Social Sharing Security Bypass (1.2.6)
WordPress Plugin DVS Custom Notification Multiple Cross-Site Request Forgery Vulnerabilities (1.0.1)
WordPress Plugin Affiliate Link Manager Cross-Site Scripting (2.1.1)
WordPress Plugin WP Google Maps Multiple Cross-Site Scripting Vulnerabilities (8.1.12)