Description
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4288)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7932)
Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-14240)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1158)