GitHub Advisory DatabaseGHSA-FPVG-M786-H5VRDolibarr vulnerable to unauthenticated database access
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.569 Medium
EPSS
Percentile
97.7%
An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attackers to perform a database dump and access a company’s entire customer file, prospects, suppliers, and employee information if a contact file exists.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| dolibarr/dolibarr | lt | 16.0.5 |
References
github.com/advisories/GHSA-fpvg-m786-h5vr
github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7
github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e
nvd.nist.gov/vuln/detail/CVE-2023-33568
www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471
www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1
www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.569 Medium
EPSS
Percentile
97.7%