Description
Dolibarr is a web-based, open source ERP and CRM application.
Acunetix determined that it was possible to access the Dolibarr contacts database without authentication.
Remediation
Update to the latest patched version of Dolibarr.