Database Access Vulnerability in Dolibarr by DOLIBARR
CVE-2023-33568

7.5HIGH

Key Information:

Vendor: Dolibarr
Status: Dolibarr Erp\/crm
Vendor: CVE Published:; 13 June 2023

What is CVE-2023-33568?

A significant vulnerability in Dolibarr versions prior to 16.0.5 allows unauthenticated individuals to gain unauthorized access to critical company data. This includes the ability to perform database dumps, which may expose sensitive information such as client files, prospect lists, supplier records, and employee data, especially if a contact file is present. Organizations using affected versions should take immediate steps to mitigate the risk and update to the latest version.

References

https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-d...

https://www.dolibarr.org/forum/t/dolibarr-16-0-security-b...

https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673...

EPSS Score

72% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
May 22, 2023