GHSA-fpvg-m786-h5vr

Source
https://github.com/advisories/GHSA-fpvg-m786-h5vr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-fpvg-m786-h5vr/GHSA-fpvg-m786-h5vr.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-fpvg-m786-h5vr
Aliases
Published
2023-06-13T18:30:39Z
Modified
2023-11-01T05:02:10.977151Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Dolibarr vulnerable to unauthenticated database access
Details

An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.

Database specific
{
    "nvd_published_at": "2023-06-13T15:15:14Z",
    "cwe_ids": [
        "CWE-200",
        "CWE-552"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-14T16:23:01Z"
}
References

Affected packages

Packagist / dolibarr/dolibarr

Package

Name
dolibarr/dolibarr
Purl
pkg:composer/dolibarr/dolibarr

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16.0.0
Fixed
16.0.5