CVE-2023-33568

HIGH7.5EPSS 89.8%

Dolibarr vulnerable to unauthenticated database access

Published: 6/13/2023Modified: 4/3/2025

Also known as:GHSA-fpvg-m786-h5vrBIT-dolibarr-2023-33568

Description

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.

Affected packages (2)

Bitnami/dolibarr>= 16.0.0, < 16.0.5
Packagist/dolibarr/dolibarr>= 16.0.0, < 16.0.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (8)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-33568
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttps://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7
WEBhttps://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e
WEBhttps://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471
WEBhttps://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1
WEBhttps://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump
WEBhttps://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/