PT-2022-13396 · Dolibarr · Dolibarr

Published: 2022-02-23 · Updated: 2025-04-03 · CVE-2022-0731

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

dolibarr/dolibarr versions prior to 16.0

Description

The issue is related to Improper Access Control (IDOR) in the dolibarr/dolibarr GitHub repository. It affects the userphoto module, potentially leading to data exposure. The exposed data may include sensitive information about contacts, suppliers, invoices, orders, stocks, agenda, accounting, and more.

Recommendations

For versions prior to 16.0, update to version 16.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the userphoto module to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

IDOR

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BIT-DOLIBARR-2022-0731
CVE-2022-0731
GHSA-4XC7-X2JR-CR74

Affected Products

Dolibarr