
Vulnerability_id VCID-49k5-kwjc-z3hd
Summary
Files or Directories Accessible to External Parties
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
Aliases
0
alias CVE-2023-33568
1
alias GHSA-fpvg-m786-h5vr
Fixed_packages
Affected_packages
0
url pkg:composer/dolibarr/dolibarr@16.0.0
purl pkg:composer/dolibarr/dolibarr@16.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49k5-kwjc-z3hd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/dolibarr/dolibarr@16.0.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33568
reference_id
reference_type
scores
0
value 0.8984
scoring_system epss
scoring_elements 0.99592
published_at 2026-06-06T12:55:00Z
1
value 0.8984
scoring_system epss
scoring_elements 0.99591
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33568
1
reference_url https://github.com/Dolibarr/dolibarr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Dolibarr/dolibarr
2
reference_url https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-03T02:27:23Z/
url https://github.com/Dolibarr/dolibarr/commit/bb7b69ef43673ed403436eac05e0bc31d5033ff7
3
reference_url https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-03T02:27:23Z/
url https://github.com/Dolibarr/dolibarr/commit/be82f51f68d738cce205f4ce5b469ef42ed82d9e
4
reference_url https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-03T02:27:23Z/
url https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471
5
reference_url https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-03T02:27:23Z/
url https://www.dolibarr.org/forum/t/dolibarr-16-0-security-breach/23471/1
6
reference_url https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump
7
reference_url https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-03T02:27:23Z/
url https://www.dsecbypass.com/en/dolibarr-pre-auth-contact-database-dump/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33568
reference_id CVE-2023-33568
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33568
9
reference_url https://github.com/advisories/GHSA-fpvg-m786-h5vr
reference_id GHSA-fpvg-m786-h5vr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fpvg-m786-h5vr
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 552
name Files or Directories Accessible to External Parties
description The product makes files or directories accessible to unauthorized actors, even though they should not be.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Exploits
0
date_added null
description
Dolibarr version 16 < 16.0.5 is vulnerable to a pre-authentication contact database dump. An unauthenticated attacker may retrieve a company's entire customer file, prospects, suppliers, and potentially employee information if a contact file exists. Both public and private notes are also included in the dump.
required_action null
due_date null
notes
Stability:
  - crash-safe
Reliability: []
SideEffects:
  - ioc-in-logs
known_ransomware_campaign_use false
source_date_published 2023-03-14
exploit_type null
platform
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/http/dolibarr_16_contact_dump.rb
Severity_range_score 7.0 - 8.9
Exploitability 2.0
Weighted_severity 8.0
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-49k5-kwjc-z3hd