CVE-2023-33568 Scanner
Detects the 'Unauthenticated Contacts Database Theft' vulnerability in Dolibarr, which affects v. 16 before 16.0.5.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 2 months 25 days
Scan only one: URL
Dolibarr is an open-source ERP and CRM software that is widely used by businesses of all sizes to manage their operations. The software is designed to be flexible and customizable to meet the specific requirements of different industries. It offers a wide range of features, including invoicing, inventory management, project management, and customer relationship management.
However, a serious security flaw, identified as CVE-2023-33568, was recently discovered in Dolibarr. This vulnerability allows unauthenticated attackers to access sensitive information such as customer files, prospect lists, employee data, and supplier information if contact files exist. In practice, anyone who can reach the Dolibarr instance over the network can read this data without any login credentials.
This vulnerability can pose a significant threat to businesses that use Dolibarr, especially those in sectors that handle sensitive information, such as finance or healthcare. Attackers can exploit it to steal sensitive information, such as personally identifiable information or financial records, which can lead to serious financial consequences. In addition, organizations can face legal action and reputational damage from such incidents.
It’s essential to stay vigilant with your software security and ensure that your digital assets are well protected. With the pro features of the S4E platform, you can easily and quickly stay informed about vulnerabilities and take appropriate action to prevent any potential threats. By regularly monitoring your digital assets, you can stay one step ahead of potential threats and keep your business safe from cyber-attacks. Stay informed and stay secure!
REFERENCES
- https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7
- https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e
- https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471
- https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1
- https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/