CVE-2023-33568

Published: Jun 13, 2023

Modified: Jan 3, 2025

PUBLISHED

Description

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/

https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1

https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7

https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e

https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-33568

Description

Affected Products

References