Vulnerability Description
An issue in Dolibarr 16 before 16.0.5 allows an unauthenticated attacker to perform a database dump of the contact data and thereby read a company's entire customer file, prospects, suppliers and employee information, provided a contact file exists in the instance. No credentials are required, so any internet-facing Dolibarr 16.0.0 to 16.0.4 installation is exposed.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dolibarr | Dolibarr ERP/CRM | >= 16.0.0, < 16.0.5 |
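Added example (not code from Dolibarr, the advisory or the referenced write-up): a Python check that reads the version string Dolibarr declares in htdocs/filefunc.inc.php (the DOL_VERSION constant) and tests it against the affected range in the table above. The sample file contents below are constructed; the decision to treat a pre-release build of 16.0.5 as still affected is this example's own conservative choice, not something the advisory states.

```python
import re
import sys

# Affected range from the table above: Dolibarr >= 16.0.0 and < 16.0.5.
AFFECTED_MIN = (16, 0, 0)
FIXED_IN = (16, 0, 5)

# Constructed stand-in for htdocs/filefunc.inc.php: the real file is much longer,
# but this is the line that declares the installed Dolibarr version.
SAMPLE_FILEFUNC = "<?php\n// ... other constants ...\ndefine('DOL_VERSION', '16.0.4');\n"

_VERSION_RE = re.compile(r"define\(\s*'DOL_VERSION'\s*,\s*'([^']+)'\s*\)")


def extract_dol_version(source: str) -> str:
    """Return the DOL_VERSION string from the contents of filefunc.inc.php."""
    match = _VERSION_RE.search(source)
    if match is None:
        raise ValueError("DOL_VERSION not found; is this filefunc.inc.php?")
    return match.group(1)


def parse_version(version: str):
    """Split '16.0.4' or '17.0.0-alpha' into ((16, 0, 4), is_prerelease)."""
    core, sep, _suffix = version.partition("-")
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Dolibarr version string {version!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return tuple(nums), bool(sep)


def is_affected(version: str) -> bool:
    """True if the version falls in the advisory's affected range."""
    nums, prerelease = parse_version(version)
    if AFFECTED_MIN <= nums < FIXED_IN:
        return True
    # Conservative assumption (this example's choice): a pre-release build of the
    # fixed version, e.g. 16.0.5-beta, may predate the fix commits, so flag it
    # rather than silently clearing it.
    return prerelease and nums == FIXED_IN


def check_install(source: str) -> dict:
    """Extract the version from filefunc.inc.php contents and classify it."""
    version = extract_dol_version(source)
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    # Usage: python check_dolibarr.py /var/www/dolibarr/htdocs/filefunc.inc.php
    # Without an argument the constructed sample above is checked instead.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_FILEFUNC
    result = check_install(text)
    status = "AFFECTED (upgrade to 16.0.5 or later)" if result["affected"] else "not in affected range"
    print(f"DOL_VERSION {result['version']}: {status}")
```

Run it against the filefunc.inc.php of each Dolibarr instance in an inventory; a version string that does not parse is reported as an error rather than treated as safe.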
Related Weaknesses (CWE)
References
- https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d503 (Patch)
- https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed8 (Patch)
- https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471 (Mitigation, Vendor Advisory)
- https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1 (Mitigation, Vendor Advisory)
- https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-33568?
CVE-2023-33568 is a vulnerability with a CVSS base score of 7.5 (HIGH). An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers and employee information if a contact file exists.
How severe is CVE-2023-33568?
CVE-2023-33568 has been rated HIGH with a CVSS base score of 7.5/10. The severity is driven by the impact on confidentiality: the flaw is reachable without any credentials over the network and exposes the full contact database (customers, prospects, suppliers and employees), although it does not by itself alter data or take the application down.
Is there a patch for CVE-2023-33568?
Yes. The vendor fixed the issue in Dolibarr 16.0.5; the two Dolibarr commits and the vendor advisory thread listed in the references above carry the patch and the mitigation details, and the third-party advisory documents the pre-auth contact database dump. The affected product is Dolibarr ERP/CRM from 16.0.0 up to but not including 16.0.5, so upgrade every instance in that range to 16.0.5 or later.