An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
References
Link | Resource |
---|---|
https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7 | Patch |
https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e | Patch |
https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471 | Mitigation Vendor Advisory |
https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1 | Mitigation Vendor Advisory |
https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-13T00:00:00
Updated: 2023-06-15T00:00:00
Reserved: 2023-05-22T00:00:00
Link: CVE-2023-33568
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-13T15:15:14.147
Modified: 2023-06-23T19:22:43.680
Link: CVE-2023-33568
JSON object: View
Redhat Information
No data.
CWE