PT-2023-28200 · Unknown · Dolibarr Erp/Crm

Chocologicall

+1

·

Published

2023-11-01

·

Updated

2025-04-03

·

CVE-2023-4198

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Dolibarr ERP CRM versions <= 17.0.3
Description The issue allows an unauthorized authenticated user to read a database table containing customer data due to improper access control.
Recommendations For versions <= 17.0.3, update to a version higher than 17.0.3 to resolve the issue.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

BIT-DOLIBARR-2023-4198
CVE-2023-4198
GHSA-48V2-596X-4JR9

Affected Products

Dolibarr Erp/Crm