Vulnerability Details : CVE-2023-33568
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
Products affected by CVE-2023-33568
- cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33568
- 48.15%: probability of exploitation activity in the next 30 days
- ~98%: percentile, the proportion of vulnerabilities that are scored at or less
EPSS Score History
CVSS scores for CVE-2023-33568
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST |
CWE ids for CVE-2023-33568
- The product makes files or directories accessible to unauthorized actors, even though they should not be. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-33568
- https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7 (FIX FILTER_VALIDATE_EMAIL param is not a string · Dolibarr/dolibarr@bb7b69e · GitHub) [Patch]
- https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471 (Dolibarr 16.0 - Security breach - Announcements & news - Dolibarr international forum) [Mitigation; Vendor Advisory]
- https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e (Fix regression · Dolibarr/dolibarr@be82f51 · GitHub) [Patch]
- https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/ (Dolibarr : unauthenticated contacts database theft | DSecBypass) [Exploit; Third Party Advisory]
- https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1 (Dolibarr 16.0 - Security breach - Announcements & news - Dolibarr international forum) [Mitigation; Vendor Advisory]