Home > Vulnerability Database > CVE-2023-33568

Mend.io Vulnerability Database

CVE-2023-33568

Date: June 12, 2023

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.

Language: PHP

Severity Score

7.5

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33568

Url: https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7

Url: https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/

Url: https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471

Url: https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e

Url: https://github.com/Dolibarr/dolibarr

Url: https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump

Url: https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1

Url: https://www.mend.io/vulnerability-database/CVE-2023-33568

Severity Score

7.5

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33568

Date: June 12, 2023

Language: PHP

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?