CVE-2023-33568

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-33568
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7 Patch
https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e Patch
https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471 Mitigation Vendor Advisory
https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1 Mitigation Vendor Advisory
https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*
History

23 Jun 2023, 19:22

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
First Time Dolibarr
Dolibarr dolibarr Erp\/crm
CPE cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*
CWE CWE-552
References (MISC) https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471 - (MISC) https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471 - Mitigation, Vendor Advisory
References (MISC) https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1 - (MISC) https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1 - Mitigation, Vendor Advisory
References (MISC) https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/ - (MISC) https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/ - Exploit, Third Party Advisory
References (MISC) https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e - (MISC) https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e - Patch
References (MISC) https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7 - (MISC) https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7 - Patch

15 Jun 2023, 14:15

Type Values Removed Values Added
Summary An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.

13 Jun 2023, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-13 15:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-33568

Mitre link : CVE-2023-33568

CVE.ORG link : CVE-2023-33568

JSON object : View

Products Affected

dolibarr

  • dolibarr_erp\/crm
CWE
CWE-552

Files or Directories Accessible to External Parties


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024