Description

Dolibarr is a web based ERP and CRM open source software

Acunetix determined that it was possible to access the Dolibarr contacts database without authentication

Remediation

Update to the latest patched version of Dolibarr

References

Dolibarr : unauthenticated contacts database theft

Dolibarr 16.0 - Security breach

Related Vulnerabilities

ZenCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4567)

Oracle JRE CVE-2019-2973 Vulnerability (CVE-2019-2973)

WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35160)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3174)

Severity

High

Classification

CVE-2023-33568 CWE-552 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Known Vulnerabilities